CVE-2013-6629
published 2013-11-19

Priority: P4 | 31 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 10.12% (95.1th percentile)

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Affected

44 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | gpl_ghostscript | < 9.03 | 9.03 |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | libjpeg-turbo | < libjpeg-turbo 1.3.0-3 (bookworm) | libjpeg-turbo 1.3.0-3 (bookworm) |
| debian | libjpeg6b | < libjpeg-turbo 1.3.0-3 (bookworm) | libjpeg-turbo 1.3.0-3 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| google | chrome | < 31.0.1650.48 | 31.0.1650.48 |
| libjpeg-turbo | libjpeg-turbo | < 1.3.1 | 1.3.1 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| libjpeg-turbo | libjpeg-turbo | >= 0 < 1.3.0-3 | 1.3.0-3 |
| mozilla | firefox | < 24.2 | 24.2 |
| mozilla | firefox | < 26.0 | 26.0 |
| mozilla | seamonkey | < 2.23 | 2.23 |
| mozilla | thunderbird | < 24.2.0 | 24.2.0 |
| msrc | microsoft_silverlight_5_developer_runtime_when_installed | | |
| msrc | microsoft_silverlight_5_when_installed | | |

CVSS provenance

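| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_msrc | | 4.7 | MEDIUM | |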