Home > Vulnerability Database > CVE-2013-6629

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2013-6629

Good to know:

Date: November 18, 2013

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Language: C

Severity Score

5.3

Related Resources (57)

Url: http://marc.info/?l=bugtraq&m=140852886808946&w=2

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21676746

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Url: http://support.apple.com/kb/HT6163

Url: http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Url: http://support.apple.com/kb/HT6162

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2013-6629

Url: http://rhn.redhat.com/errata/RHSA-2013-1803.html

Url: https://access.redhat.com/security/cve/CVE-2013-6629

Url: https://security-tracker.debian.org/tracker/CVE-2013-6629

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=891693

Url: http://www.ubuntu.com/usn/USN-2052-1

Url: http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

Url: http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

Url: http://support.apple.com/kb/HT6150

Url: http://www.mozilla.org/security/announce/2013/mfsa2013-116.html

Url: http://secunia.com/advisories/56175

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Url: http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html

Url: http://www.securitytracker.com/id/1029476

Url: http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html

Url: https://code.google.com/p/chromium/issues/detail?id=258723

Url: http://www.securitytracker.com/id/1029470

Url: http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

Url: https://access.redhat.com/errata/RHSA-2014:0414

Url: https://access.redhat.com/errata/RHSA-2014:0413

Url: http://www.ubuntu.com/usn/USN-2060-1

Url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Url: http://rhn.redhat.com/errata/RHSA-2013-1804.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Url: http://security.gentoo.org/glsa/glsa-201406-32.xml

Url: http://secunia.com/advisories/59058

Url: http://www.debian.org/security/2013/dsa-2799

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Url: https://src.chromium.org/viewvc/chrome?revision=229729&view=revision

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Url: http://www.ubuntu.com/usn/USN-2053-1

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21672080

Url: http://bugs.ghostscript.com/show_bug.cgi?id=686980

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Url: http://secunia.com/advisories/58974

Url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629

Url: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Url: http://advisories.mageia.org/MGASA-2013-0333.html

Url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:273

Url: http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

Url: http://marc.info/?l=bugtraq&m=140852974709252&w=2

Url: https://security.gentoo.org/glsa/201606-03

Url: https://www.ibm.com/support/docview.wss?uid=swg21675973

Url: http://www.securityfocus.com/bid/63676

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-6629

Url: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Url: https://www.mend.io/vulnerability-database/CVE-2013-6629

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version 1.3.90

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us