CVE-2013-6630

Published: 18 November 2013

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Notes

Author: Note
seth-arnold: The fix is to initialize huffval[].
mdeslaur: Although the original report seems to indicate libjpeg6b isn't affected, that particular code is identical.
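
The flaw and the fix described above, as an added example: this is a simplified model written for this page, not libjpeg-turbo's code. `load_table`, `stale_entries`, the `STALE` fill pattern and the sample segment are constructed; the pattern stands in for uninitialized memory so the result is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NUM_HUFFVAL 256
#define STALE 0xAA   /* constructed stand-in for leftover memory contents */

/* Constructed DHT table body: 16 code-length counts, then sum(counts) symbols. */
static const unsigned char sample_dht[] = {
    0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   /* three 2-bit codes */
    0x01, 0x02, 0x03
};

/* Simplified model of loading one Huffman table.
 * Returns the number of symbols read from the segment, or -1 if malformed. */
int load_table(const unsigned char *seg, size_t len,
               unsigned char table[NUM_HUFFVAL], int init_first)
{
    unsigned char huffval[NUM_HUFFVAL];
    size_t count = 0, i;

    memset(huffval, STALE, sizeof huffval);   /* simulate stale contents */
    if (len < 16) return -1;
    for (i = 0; i < 16; i++) count += seg[i];
    if (count > NUM_HUFFVAL || count > len - 16) return -1;

    if (init_first)
        memset(huffval, 0, sizeof huffval);   /* the fix: initialize huffval[] */
    memcpy(huffval, seg + 16, count);         /* only `count` entries come from the file */
    memcpy(table, huffval, NUM_HUFFVAL);      /* the whole array becomes decoder state */
    return (int)count;
}

/* Number of table entries that still hold stale bytes after loading. */
int stale_entries(int init_first)
{
    unsigned char table[NUM_HUFFVAL];
    int n = 0, i;

    if (load_table(sample_dht, sizeof sample_dht, table, init_first) < 0) return -1;
    for (i = 0; i < NUM_HUFFVAL; i++) n += (table[i] == STALE);
    return n;
}

int main(void)
{
    printf("without init: %d stale entries\n", stale_entries(0));
    printf("with init:    %d stale entries\n", stale_entries(1));
    return 0;
}
```
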
Priority

Medium

Status

Package / Release / Status

firefox
  lucid: Ignored (reached end-of-life)
  precise: Released (26.0+build2-0ubuntu0.12.04.2)
  quantal: Released (26.0+build2-0ubuntu0.12.10.2)
  raring: Released (26.0+build2-0ubuntu0.13.04.2)
  saucy: Released (26.0+build2-0ubuntu0.13.10.2)
  upstream: Released (26.0)

libjpeg-turbo
  lucid: Does not exist
  precise: Released (1.1.90+svn733-0ubuntu4.3)
  quantal: Released (1.2.1-0ubuntu2.12.10.1)
  raring: Released (1.2.1-0ubuntu2.13.04.1)
  saucy: Released (1.3.0-0ubuntu1.1)
  upstream: Needed
  Patches:
    vendor: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228394&pathrev=228394
    vendor: http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8

libjpeg6b
  lucid: Released (6b-15ubuntu1.1)
  precise: Released (6b1-2ubuntu1.1)
  quantal: Released (6b1-2ubuntu2.1)
  raring: Released (6b1-3ubuntu1.13.04.1)
  saucy: Released (6b1-3ubuntu1.13.10.1)
  upstream: Released (6b1-4)

thunderbird
  lucid: Ignored (reached end-of-life)
  precise: Released (1:24.2.0+build1-0ubuntu0.12.04.1)
  quantal: Released (1:24.2.0+build1-0ubuntu0.12.10.1)
  raring: Released (1:24.2.0+build1-0ubuntu0.13.04.1)
  saucy: Released (1:24.2.0+build1-0ubuntu0.13.10.1)
  upstream: Released (24.2.0)