CVE-2013-6629
Published 2013-11-19
Priority P4 · 31 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 10.12% (95.1th percentile)
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
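The description above, and the Red Hat Bugzilla note further down about images whose SOS carries no data for the luminance component (Y) while Cb and Cr are valid, come down to one missing check when the Start Of Scan segment is parsed. The C below is an added illustration written for this page, not code from libjpeg, libjpeg-turbo or jdmarker.c: it parses an SOS segment the way any decoder must (Ls, Ns, the Ns component-selector and table pairs, then Ss, Se, Ah/Al), validates it against the frame header, applies the duplicate-component-selector check whose absence the CVE describes, and adds a coverage check that reports which frame components a scan never names. The frame layout, the two SOS byte strings and every type and function name are constructed for the example and are assumptions, not values taken from any real file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COMPS_IN_SCAN 4          /* JPEG allows at most four components per scan */

enum sos_status {
    SOS_OK = 0,
    SOS_BAD_LENGTH,                  /* Ls does not match Ns, or the segment is truncated */
    SOS_BAD_COUNT,                   /* Ns outside 1..4 or larger than the frame */
    SOS_UNKNOWN_COMPONENT,           /* Cs names a component the SOF never declared */
    SOS_DUPLICATE_COMPONENT          /* Cs repeats an earlier Cs: the check CVE-2013-6629 lacked */
};

struct frame { int ncomps; uint8_t comp_id[4]; };          /* the relevant part of SOFn (assumed layout) */

struct scan {
    int ncomps;
    uint8_t comp_id[MAX_COMPS_IN_SCAN];
    uint8_t dc_tbl[MAX_COMPS_IN_SCAN], ac_tbl[MAX_COMPS_IN_SCAN];
    uint8_t Ss, Se, Ah, Al;
};

/* Parse one SOS segment. seg points at the two length bytes that follow the
 * 0xFF 0xDA marker; avail is the number of bytes left in the buffer.
 * reject_dups == 0 reproduces the vulnerable behaviour (a component selector
 * may appear twice); reject_dups != 0 applies the missing check. */
static enum sos_status parse_sos(const uint8_t *seg, size_t avail,
                                 const struct frame *f, struct scan *s, int reject_dups)
{
    if (avail < 3) return SOS_BAD_LENGTH;
    unsigned ls = ((unsigned)seg[0] << 8) | seg[1];
    int n = seg[2];
    if (n < 1 || n > MAX_COMPS_IN_SCAN || n > f->ncomps) return SOS_BAD_COUNT;
    if (ls != 6u + 2u * (unsigned)n || avail < ls) return SOS_BAD_LENGTH;

    s->ncomps = n;
    for (int i = 0; i < n; i++) {
        uint8_t cs = seg[3 + 2 * i];               /* component selector Csj */
        uint8_t tt = seg[4 + 2 * i];               /* Tdj in the high nibble, Taj in the low */
        int ci;
        for (ci = 0; ci < f->ncomps; ci++)
            if (f->comp_id[ci] == cs) break;
        if (ci == f->ncomps) return SOS_UNKNOWN_COMPONENT;
        if (reject_dups)                           /* the fix: no selector may repeat within one SOS */
            for (int j = 0; j < i; j++)
                if (s->comp_id[j] == cs) return SOS_DUPLICATE_COMPONENT;
        s->comp_id[i] = cs;
        s->dc_tbl[i] = tt >> 4;
        s->ac_tbl[i] = tt & 0x0F;
    }
    const uint8_t *p = seg + 3 + 2 * n;
    s->Ss = p[0]; s->Se = p[1]; s->Ah = p[2] >> 4; s->Al = p[2] & 0x0F;
    return SOS_OK;
}

/* Bitmask (bit ci set) of frame components the scan never names. In a
 * single-scan baseline image those components receive no entropy-coded data,
 * yet later stages still read their buffers: the "Y missing, Cb/Cr present"
 * shape the Bugzilla report describes. */
static unsigned uncovered_components(const struct frame *f, const struct scan *s)
{
    unsigned mask = 0;
    for (int ci = 0; ci < f->ncomps; ci++) {
        int seen = 0;
        for (int i = 0; i < s->ncomps; i++)
            if (s->comp_id[i] == f->comp_id[ci]) seen = 1;
        if (!seen) mask |= 1u << ci;
    }
    return mask;
}

/* Constructed inputs, not bytes from any real image: a YCbCr frame with
 * component IDs 1, 2, 3; a well-formed SOS naming all three; and a crafted SOS
 * of the same length that names Cb once and Cr twice, so Y is never scanned. */
static const struct frame ycbcr = { 3, { 1, 2, 3 } };
/* Ls=12 Ns=3 (Cs,Td/Ta)=(1,0x00)(2,0x11)(3,0x11) Ss=0 Se=63 Ah/Al=0 */
static const uint8_t sos_good[]    = { 0x00,0x0C, 0x03, 0x01,0x00, 0x02,0x11, 0x03,0x11, 0x00,0x3F,0x00 };
/* identical except Cs = 2, 3, 3 */
static const uint8_t sos_crafted[] = { 0x00,0x0C, 0x03, 0x02,0x11, 0x03,0x11, 0x03,0x11, 0x00,0x3F,0x00 };

static enum sos_status demo_status(const uint8_t *seg, size_t len, int reject_dups)
{
    struct scan s = {0};
    return parse_sos(seg, len, &ycbcr, &s, reject_dups);
}

/* Coverage mask as the vulnerable parser sees it; ~0u if the segment is rejected. */
static unsigned demo_uncovered(const uint8_t *seg, size_t len)
{
    struct scan s = {0};
    if (parse_sos(seg, len, &ycbcr, &s, 0) != SOS_OK) return ~0u;
    return uncovered_components(&ycbcr, &s);
}

int main(void)
{
    printf("well-formed SOS:         status %d, uncovered mask 0x%x\n",
           demo_status(sos_good, sizeof sos_good, 1), demo_uncovered(sos_good, sizeof sos_good));
    printf("crafted SOS, vulnerable: status %d, uncovered mask 0x%x (bit 0 = Y)\n",
           demo_status(sos_crafted, sizeof sos_crafted, 0), demo_uncovered(sos_crafted, sizeof sos_crafted));
    printf("crafted SOS, fixed:      status %d\n", demo_status(sos_crafted, sizeof sos_crafted, 1));
    return 0;
}
```

The vulnerable path accepts the crafted segment and reports that component 1 (Y) is never scanned, which is the state in which a decoder goes on to consume whatever the allocator left in that component's buffer; the fixed path rejects the segment at the third selector. The same coverage test can be applied to a baseline JPEG in a triage or fuzzing harness before the file reaches a real decoder.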
Affected
44 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | gpl_ghostscript | < 9.03 | 9.03 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libjpeg-turbo | < libjpeg-turbo 1.3.0-3 (bookworm) | libjpeg-turbo 1.3.0-3 (bookworm) |
| debian | libjpeg6b | < libjpeg-turbo 1.3.0-3 (bookworm) | libjpeg-turbo 1.3.0-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| google | chrome | < 31.0.1650.48 | 31.0.1650.48 |
| libjpeg-turbo | libjpeg-turbo | < 1.3.1 | 1.3.1 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| mozilla | firefox | < 24.2 | 24.2 |
| mozilla | firefox | < 26.0 | 26.0 |
| mozilla | seamonkey | < 2.23 | 2.23 |
| mozilla | thunderbird | < 24.2.0 | 24.2.0 |
| msrc | microsoft_silverlight_5_developer_runtime_when_installed | — | — |
| msrc | microsoft_silverlight_5_when_installed | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_msrc | — | 4.7 | MEDIUM | — |
The 9.8 CRITICAL attributed to vendor_ubuntu is inherited from the Firefox and Thunderbird USN entries below, whose lead CVE is CVE-2013-5609 (multiple memory-safety issues, including remote code execution); it is not a rating of this information leak on its own. Ubuntu's own libjpeg/libjpeg-turbo notice carries no score.
Microsoft
libjpeg Information Disclosure Vulnerability
vendor_msrc·2017-04-11·CVSS 4.7
CVE-2013-6629 [MEDIUM] libjpeg Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists within the open-source libjpeg image-processing library where it fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause information to be disclosed that could allow for bypassing the ASLR security feature that protects users from a broad class of vulnerabilities.
The security feature bypass itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage o
Red Hat
OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
vendor_redhat·2014-04-15·CVSS 5.0
CVE-2014-0462 [MEDIUM] OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
Statement: This issue is a duplicate of the libjpeg CVE-2013-6629 issue. The versions of java-1.6.0-openjdk and java-1.7.0-openjdk as shipped with Red Hat Enterprise Linux 5 and 6 were not affected by this issue, as they do not use bundled libjpeg version.
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux
Ubuntu
libjpeg, libjpeg-turbo vulnerabilities
vendor_ubuntu·2013-12-19
CVE-2013-6629 libjpeg, libjpeg-turbo vulnerabilities
Title: libjpeg, libjpeg-turbo vulnerabilities
Summary: libjpeg and libjpeg-turbo could be made to expose sensitive information.
Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.
Instructions: After a standard system update you need to restart your session to make all the necessary changes.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2013-12-11·CVSS 9.8
CVE-2013-5609 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5609)
Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-20
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2013-12-11·CVSS 9.8
CVE-2013-5609 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)
Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)
Masato Kinugawa discovered that pages with missin
Red Hat
libjpeg: information leak (read of uninitialized memory)
vendor_redhat·2013-11-12·CVSS 5.0
CVE-2013-6629 [MEDIUM] CWE-456 libjpeg: information leak (read of uninitialized memory)
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Package: libjpeg-turbo (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-6629: libjpeg-turbo - The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo throu...
vendor_debian·2013·CVSS 5.0
CVE-2013-6629 [MEDIUM] CVE-2013-6629: libjpeg-turbo - The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo throu...
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Scope: local
bookworm: resolved (fixed in 1.3.0-3)
bullseye: resolved (fixed in 1.3.0-3)
forky: resolved (fixed in 1.3.0-3)
sid: resolved (fixed in 1.3.0-3)
trixie: resolved (fixed in 1.3.0-3)
GHSA
GHSA-7vr8-hqr3-rjrw: The get_sos function in jdmarker
ghsa_unreviewed·2022-05-14
CVE-2013-6629 [MEDIUM] CWE-200 GHSA-7vr8-hqr3-rjrw: The get_sos function in jdmarker
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
OSV
CVE-2013-6629: The get_sos function in jdmarker
osv·2013-11-19·CVSS 5.0
CVE-2013-6629 [MEDIUM] CVE-2013-6629: The get_sos function in jdmarker
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0462 OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
bugzilla·2014-06-09·CVSS 5.0
CVE-2014-0462 [MEDIUM] CVE-2014-0462 OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
The CVE id CVE-2014-0462 was assigned to the following issue:
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
References:
http://www.debian.org/security/2014/dsa-2912
http://www.ubuntu.com/usn/USN-2191-1
http://secunia.com/advisories/58415
Discussion:
This CVE id was assigned incorrectly as a duplicate of libjpeg CVE-2013-6629 (see bug 1031734) for a bundled copy of the libjpeg code used in the OpenJDK sources. Incorrect assignment of the id was identified before the new releases were announced, so the id did not appear in those announcements. The id was b
Bugzilla
CVE-2013-6630 libjpeg: information leak (read of uninitialized memory)
bugzilla·2013-11-18·CVSS 5.0
CVE-2013-6630 [MEDIUM] CVE-2013-6630 libjpeg: information leak (read of uninitialized memory)
It was reported [1],[2] that libjpeg-turbo would use uninitialized memory when handling Huffman tables (an issue similar to CVE-2013-6629). An example proof of concept is also available [3].
This was reported and fixed initially in Google Chrome/Chromium; it does not appear to be fixed in upstream libjpeg-turbo yet. A patch to the third party source in Chromium for libjpeg-turbo [4] however is available.
Interestingly, the report at [2] indicates that libjpeg does not appear to be affected and indicates that a "simple fix for this is to locate get_dht in jdmarker.c and make sure that the huffval[] table is zeroed before use" however looking at a diff of jdmarker.c in libjpeg vs libjpeg-turbo doesn't seem to back that
Bugzilla
CVE-2013-6630 CVE-2013-6629 mingw32-libjpeg: various flaws [epel-5]
bugzilla·2013-11-18·CVSS 5.0
CVE-2013-6630 [MEDIUM] CVE-2013-6630 CVE-2013-6629 mingw32-libjpeg: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for mingw32-
Bugzilla
CVE-2013-6629 CVE-2013-6630 libjpeg-turbo: various flaws [fedora-all]
bugzilla·2013-11-18·CVSS 5.0
CVE-2013-6629 [MEDIUM] CVE-2013-6629 CVE-2013-6630 libjpeg-turbo: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects mul
Bugzilla
CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
bugzilla·2013-11-18·CVSS 5.0
CVE-2013-6629 [MEDIUM] CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
It was reported [1],[2] that libjpeg and libjpeg-turbo would use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in the presence of valid chroma data (Cr, Cb). An example proof of concept that can be viewed in a browser is also available [3].
This was reported and fixed initially in Google Chrome/Chromium; it does not appear to be fixed in upstream libjpeg or libjpeg-turbo yet. Patches to the third party source in Chromium for libjpeg [4] and libjpeg-turbo [5] however are available.
[1] http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html
[2] http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
[3] http://
Bugzilla
CVE-2013-6629 CVE-2013-6630 mingw-libjpeg-turbo: various flaws [fedora-all]
bugzilla·2013-11-18·CVSS 5.0
CVE-2013-6629 [MEDIUM] CVE-2013-6629 CVE-2013-6630 mingw-libjpeg-turbo: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affec
Bugzilla
JPEG info leak
bugzilla·2013-07-10
[MEDIUM] JPEG info leak
This page contains an alternating pattern of kitty.jpg (a legit hello kitty image) and 55.jpg, an image that is 'decoded' to what looks like uninitialized memory:
http://lcamtuf.coredump.cx/jpeg_leak/
In most browsers, reloading this page a couple of times eventually causes a distorted version of 'hello kitty' to appear in one of the 55.jpg squares. In Firefox, it's relatively difficult to hit that condition, but it still happens every now and then.
At the bare minimum, this + seems like a way to steal images across domains, although I suspect that the memory may contain non-image stuff, too.
Safari & others are also affected.
Discussion:
Adding some GFX people.
---
On OSX 10.8, happens in Safari on the initial load.
---
FWIW, an earlier uninitialized memory bug in
References
http://advisories.mageia.org/MGASA-2013-0333.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
http://bugs.ghostscript.com/show_bug.cgi?id=686980
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://rhn.redhat.com/errata/RHSA-2013-1804.html
http://secunia.com/advisories/56175
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6163
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
http://www.debian.org/security/2013/dsa-2799
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www.securityfocus.com/bid/63676
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
http://www.ubuntu.com/usn/USN-2060-1
https://access.redhat.com/errata/RHSA-2014:0413
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
https://code.google.com/p/chromium/issues/detail?id=258723
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
https://security.gentoo.org/glsa/201606-03
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
https://www.ibm.com/support/docview.wss?uid=swg21675973
+ 4 more references