CVE-2013-6630Missing Initialization of a Variable in Libjpeg-turbo

CWE-189CWE-456Missing Initialization of a Variable13 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
1.8%
top 17.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Libjpeg-turboDebian Libjpeg-turboDebian Libjpeg6b+1 more
Timeline
PublishedNov 19
Latest updateMay 17

Description

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

debiandebian/libjpeg-turbo< libjpeg-turbo 1.3.0-3 (bookworm)
Debianlibjpeg-turbo/libjpeg-turbo< 1.3.0-3+3
debiandebian/libjpeg6b< libjpeg-turbo 1.3.0-3 (bookworm)
NVDgoogle/chrome31.0.1650.47+43

🔴Vulnerability Details

2
GHSA
GHSA-pwx8-2f52-93wg: The get_dht function in jdmarker2022-05-17
OSV
CVE-2013-6630: The get_dht function in jdmarker2013-11-19

📋Vendor Advisories

5
Ubuntu
libjpeg, libjpeg-turbo vulnerabilities2013-12-19
Ubuntu
Thunderbird vulnerabilities2013-12-11
Ubuntu
Firefox vulnerabilities2013-12-11
Red Hat
libjpeg: information leak (read of uninitialized memory)2013-11-12
Debian
CVE-2013-6630: libjpeg-turbo - The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Go...2013

💬Community

5
Bugzilla
CVE-2013-6630 libjpeg: information leak (read of uninitialized memory)2013-11-18
Bugzilla
CVE-2013-6630 CVE-2013-6629 mingw32-libjpeg: various flaws [epel-5]2013-11-18
Bugzilla
CVE-2013-6629 CVE-2013-6630 libjpeg-turbo: various flaws [fedora-all]2013-11-18
Bugzilla
CVE-2013-6629 CVE-2013-6630 mingw-libjpeg-turbo: various flaws [fedora-all]2013-11-18
Bugzilla
JPEG info leak2013-07-10