CVE-2013-6629
Published: 18 November 2013
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Notes
| Author | Note |
|---|---|
| seth-arnold | Michal suggests libjpeg6b will not be updated from upstream |
| mdeslaur | upstream bug and proposed patch is ancient. Chromium contains a patch. |
| jdstrand | openjdk uses system jpeg |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(26.0+build2-0ubuntu0.12.04.2)
|
|
| quantal |
Released
(26.0+build2-0ubuntu0.12.10.2)
|
|
| raring |
Released
(26.0+build2-0ubuntu0.13.04.2)
|
|
| saucy |
Released
(26.0+build2-0ubuntu0.13.10.2)
|
|
| upstream |
Released
(26.0)
|
|
|
libjpeg-turbo Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Released
(1.1.90+svn733-0ubuntu4.3)
|
|
| quantal |
Released
(1.2.1-0ubuntu2.12.10.1)
|
|
| raring |
Released
(1.2.1-0ubuntu2.13.04.1)
|
|
| saucy |
Released
(1.3.0-0ubuntu1.1)
|
|
| upstream |
Needed
|
|
|
Patches: other: http://ghostscript.com/pipermail/gs-code-review/2004-June/004579.html vendor: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381 |
||
|
libjpeg6b Launchpad, Ubuntu, Debian |
lucid |
Released
(6b-15ubuntu1.1)
|
| precise |
Released
(6b1-2ubuntu1.1)
|
|
| quantal |
Released
(6b1-2ubuntu2.1)
|
|
| raring |
Released
(6b1-3ubuntu1.13.04.1)
|
|
| saucy |
Released
(6b1-3ubuntu1.13.10.1)
|
|
| upstream |
Released
(6b1-4)
|
|
|
Patches: other: http://ghostscript.com/pipermail/gs-code-review/2004-June/004579.html vendor: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354 vendor: https://src.chromium.org/viewvc/chrome?revision=229729&view=revision vendor: http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=2285c50bcd51dd999d80b99b30ce9aef9fb80833 |
||
|
openjdk-7 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was ignored [uses system libjpeg6b])
|
|
| upstream |
Released
(7u55-2.4.7-1)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(1:24.2.0+build1-0ubuntu0.12.04.1)
|
|
| quantal |
Released
(1:24.2.0+build1-0ubuntu0.12.10.1)
|
|
| raring |
Released
(1:24.2.0+build1-0ubuntu0.13.04.1)
|
|
| saucy |
Released
(1:24.2.0+build1-0ubuntu0.13.10.1)
|
|
| upstream |
Released
(24.2.0)
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
- http://lists.grok.org.uk/pipermail/full-disclosure/2013-November/092015.html
- https://ubuntu.com/security/notices/USN-2052-1
- https://ubuntu.com/security/notices/USN-2053-1
- https://ubuntu.com/security/notices/USN-2060-1
- NVD
- Launchpad
- Debian