CVE-2013-6629

Published: Nov 19, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Affected (21)

Products: Google: Chrome · Oracle: Solaris · Artifex: Gpl Ghostscript · +6 more

Show all products

Google: Chrome · Oracle: Solaris · Artifex: Gpl Ghostscript · Libjpeg Turbo: Libjpeg Turbo · Fedoraproject: Fedora · Opensuse: Opensuse · Canonical: Ubuntu Linux · Debian: Debian Linux · Mozilla: Firefox, Seamonkey, Thunderbird

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 31.0.1650.48

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Gpl Ghostscript	Before 9.03

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Libjpeg Turbo Libjpeg Turbo	Before 1.3.1

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 18
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.2
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration G

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04
Canonical Ubuntu Linux	Version 13.10

Configuration H

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration I

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 24.2
Mozilla Firefox	Before 26.0
Mozilla Seamonkey	Before 2.23
Mozilla Thunderbird	Before 24.2.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (104)

http://advisories.mageia.org/MGASA-2013-0333.html

Source: cve@mitre.org

Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html

Source: cve@mitre.org

Broken Link

http://bugs.ghostscript.com/show_bug.cgi?id=686980

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

Source: cve@mitre.org

Vendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140852886808946&w=2

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=140852974709252&w=2

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1803.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1804.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/56175

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/58974

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/59058

Source: cve@mitre.org

Not Applicable

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT6150

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT6162

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT6163

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21672080

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676746

Source: cve@mitre.org

Broken Link

http://www.debian.org/security/2013/dsa-2799

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:273

Source: cve@mitre.org

Broken Link

http://www.mozilla.org/security/announce/2013/mfsa2013-116.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/63676

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029470

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029476

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2052-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2053-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2060-1

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2014:0413

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2014:0414

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=891693

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://code.google.com/p/chromium/issues/detail?id=258723

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629

Source: cve@mitre.org

PatchThird Party Advisory

https://security.gentoo.org/glsa/201606-03

Source: cve@mitre.org

Third Party Advisory

https://src.chromium.org/viewvc/chrome?revision=229729&view=revision

Source: cve@mitre.org

PatchThird Party Advisory

https://www.ibm.com/support/docview.wss?uid=swg21675973

Source: cve@mitre.org

Third Party Advisory

http://advisories.mageia.org/MGASA-2013-0333.html