CVE-2013-6630
Published: 18 November 2013
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Notes
Author | Note |
---|---|
seth-arnold | The fix is to initialize huffval[]. |
mdeslaur | Although original report seems to indicate libjpeg6b isn't affected, that particular code is identical. |
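The pattern behind this issue and the fix named in the note above, as an added example. It is a simplified model, not the libjpeg-turbo source. The function names, the `scratch` parameter, the `STALE` marker and the sample segment are constructed for illustration, and the model assumes the whole 256-entry array is stored in the decoder's table after the symbols are read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HUFFVAL_LEN 256
#define STALE 0xAA  /* constructed marker standing in for leftover memory */

/* Constructed DHT body: class/index byte, 16 code-length counts, 2 symbols. */
static const uint8_t SAMPLE_DHT[19] = {
    0x00, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01, 0x02 };

/* Model of reading one table. `scratch` plays the role of the local huffval[]
 * buffer. Returns the symbol count, or -1 for a malformed segment. */
int read_dht_table(const uint8_t *seg, size_t len, uint8_t *scratch,
                   uint8_t *table_huffval, int zero_first)
{
    size_t count = 0, i;
    if (len < 17) return -1;
    for (i = 1; i <= 16; i++)
        count += seg[i];
    if (count > HUFFVAL_LEN || count > len - 17)
        return -1;
    if (zero_first)
        memset(scratch, 0, HUFFVAL_LEN);  /* the fix: initialize huffval[] */
    memcpy(scratch, seg + 17, count);     /* only `count` entries are set */
    memcpy(table_huffval, scratch, HUFFVAL_LEN); /* assumed: whole array kept */
    return (int)count;
}

/* Number of table entries past the symbol count that still hold stale data. */
long stale_entries(const uint8_t *seg, size_t len, int zero_first)
{
    uint8_t scratch[HUFFVAL_LEN], table[HUFFVAL_LEN];
    long stale = 0;
    int i, n;
    memset(scratch, STALE, sizeof scratch);
    n = read_dht_table(seg, len, scratch, table, zero_first);
    if (n < 0) return -1;
    for (i = n; i < HUFFVAL_LEN; i++)
        stale += (table[i] == STALE);
    return stale;
}

int main(void)
{
    printf("uninitialized: %ld stale, zeroed: %ld stale\n",
           stale_entries(SAMPLE_DHT, sizeof SAMPLE_DHT, 0),
           stale_entries(SAMPLE_DHT, sizeof SAMPLE_DHT, 1));
    return 0;
}
```

With `zero_first` set, every entry past the symbol count is 0, so nothing from the buffer's previous contents reaches the table.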
Priority
Status
Package | Release | Status |
---|---|---|
firefox | lucid | Ignored (end of life) |
firefox | precise | Released (26.0+build2-0ubuntu0.12.04.2) |
firefox | quantal | Released (26.0+build2-0ubuntu0.12.10.2) |
firefox | raring | Released (26.0+build2-0ubuntu0.13.04.2) |
firefox | saucy | Released (26.0+build2-0ubuntu0.13.10.2) |
firefox | upstream | Released (26.0) |
libjpeg-turbo | lucid | Does not exist |
libjpeg-turbo | precise | Released (1.1.90+svn733-0ubuntu4.3) |
libjpeg-turbo | quantal | Released (1.2.1-0ubuntu2.12.10.1) |
libjpeg-turbo | raring | Released (1.2.1-0ubuntu2.13.04.1) |
libjpeg-turbo | saucy | Released (1.3.0-0ubuntu1.1) |
libjpeg-turbo | upstream | Needed |
libjpeg6b | lucid | Released (6b-15ubuntu1.1) |
libjpeg6b | precise | Released (6b1-2ubuntu1.1) |
libjpeg6b | quantal | Released (6b1-2ubuntu2.1) |
libjpeg6b | raring | Released (6b1-3ubuntu1.13.04.1) |
libjpeg6b | saucy | Released (6b1-3ubuntu1.13.10.1) |
libjpeg6b | upstream | Released (6b1-4) |
thunderbird | lucid | Ignored (end of life) |
thunderbird | precise | Released (1:24.2.0+build1-0ubuntu0.12.04.1) |
thunderbird | quantal | Released (1:24.2.0+build1-0ubuntu0.12.10.1) |
thunderbird | raring | Released (1:24.2.0+build1-0ubuntu0.13.04.1) |
thunderbird | saucy | Released (1:24.2.0+build1-0ubuntu0.13.10.1) |
thunderbird | upstream | Released (24.2.0) |

Patches (libjpeg-turbo):
- vendor: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228394&pathrev=228394
- vendor: http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
- http://lists.grok.org.uk/pipermail/full-disclosure/2013-November/092015.html
- https://ubuntu.com/security/notices/USN-2052-1
- https://ubuntu.com/security/notices/USN-2053-1
- https://ubuntu.com/security/notices/USN-2060-1
- NVD
- Launchpad
- Debian