Vulnerability CVE-2013-6629: Information

Description

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6629

Published: Nov. 19, 2013

Modified: June 21, 2023

Error type identifier: CWE-200

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
chromium	sisyphus	31.0.1650.57-alt1.r235101	124.0.6367.207-alt1	ALT-PU-2013-1119-1	108603	Fixed
chromium	p10	31.0.1650.57-alt1.r235101	119.0.6045.159-alt0.p10.1	ALT-PU-2013-1119-1	108603	Fixed
chromium	p9	31.0.1650.57-alt1.r235101	97.0.4692.99-alt0.p9.1	ALT-PU-2013-1119-1	108603	Fixed
chromium	c10f1	31.0.1650.57-alt1.r235101	110.0.5481.177-alt1.p10.1	ALT-PU-2013-1119-1	108603	Fixed
chromium	c9f2	31.0.1650.57-alt1.r235101	84.0.4147.105-alt1.1.p9	ALT-PU-2013-1119-1	108603	Fixed
chromium	c7	32.0.1700.102-alt0.M70P.1	38.0.2125.122-alt0.M70C.2	ALT-PU-2014-1140-1	113152	Fixed
firefox	sisyphus	26.0-alt1	125.0.3-alt1	ALT-PU-2013-1333-1	111073	Fixed
firefox	p10	26.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2013-1333-1	111073	Fixed
firefox	p9	26.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2013-1333-1	111073	Fixed
firefox	c10f1	26.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2013-1333-1	111073	Fixed
firefox	c9f2	26.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2013-1333-1	111073	Fixed
firefox	c7	31.3.0-alt0.M70C.2	60.8.0-alt0.M70C.1	ALT-PU-2015-1094-1	139024	Fixed
libjpeg-turbo	sisyphus	1.3.1-alt0.1	3.0.2-alt2.1	ALT-PU-2013-1324-1	111060	Fixed
libjpeg-turbo	p10	1.3.1-alt0.1	2.1.5.1-alt1.p10.2	ALT-PU-2013-1324-1	111060	Fixed
libjpeg-turbo	p9	1.3.1-alt0.1	2.0.2-alt1	ALT-PU-2013-1324-1	111060	Fixed
libjpeg-turbo	c10f1	1.3.1-alt0.1	2.1.2-alt1.2	ALT-PU-2013-1324-1	111060	Fixed
libjpeg-turbo	c9f2	1.3.1-alt0.1	2.0.2-alt1.c9f2.1	ALT-PU-2013-1324-1	111060	Fixed
seamonkey	p9	2.23-alt1	2.53.14-alt1	ALT-PU-2014-1201-1	114634	Fixed
seamonkey	c10f1	2.23-alt1	2.53.14-alt1	ALT-PU-2014-1201-1	114634	Fixed
seamonkey	c9f2	2.23-alt1	2.53.14-alt1	ALT-PU-2014-1201-1	114634	Fixed
seamonkey	c7	2.23-alt0.M70P.1	2.26-alt0.M70P.1	ALT-PU-2014-1372-1	117117	Fixed
thunderbird	sisyphus	24.2.0-alt1	115.9.0-alt1	ALT-PU-2013-1334-1	111073	Fixed
thunderbird	p10	24.2.0-alt1	115.9.0-alt1	ALT-PU-2013-1334-1	111073	Fixed
thunderbird	p9	24.2.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2013-1334-1	111073	Fixed
thunderbird	c10f1	24.2.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2013-1334-1	111073	Fixed
thunderbird	c9f2	24.2.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2013-1334-1	111073	Fixed
thunderbird	c7	24.3.0-alt0.M70P.1	60.8.0-alt0.M70C.1	ALT-PU-2014-1391-1	117167	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://code.google.com/p/chromium/issues/detail?id=258723	Issue Tracking Third Party Advisory
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision	Patch Third Party Advisory
20131112 bugs in IJG jpeg6b & libjpeg-turbo	Broken Link
http://bugs.ghostscript.com/show_bug.cgi?id=686980	Issue Tracking Vendor Advisory
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html	Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=891693	Issue Tracking Patch Third Party Advisory
DSA-2799	Third Party Advisory
RHSA-2013:1803	Third Party Advisory
openSUSE-SU-2013:1776	Mailing List Third Party Advisory
openSUSE-SU-2013:1861	Mailing List Third Party Advisory
RHSA-2013:1804	Third Party Advisory
USN-2053-1	Third Party Advisory
USN-2052-1	Third Party Advisory
openSUSE-SU-2013:1777	Mailing List Third Party Advisory
FEDORA-2013-23127	Mailing List Third Party Advisory
openSUSE-SU-2013:1957	Mailing List Third Party Advisory
openSUSE-SU-2013:1959	Mailing List Third Party Advisory
openSUSE-SU-2013:1958	Mailing List Third Party Advisory
56175	Not Applicable
openSUSE-SU-2014:0008	Mailing List Third Party Advisory
FEDORA-2013-23295	Mailing List Third Party Advisory
openSUSE-SU-2013:1917	Mailing List Third Party Advisory
USN-2060-1	Third Party Advisory
openSUSE-SU-2013:1916	Mailing List Third Party Advisory
FEDORA-2013-23291	Mailing List Third Party Advisory
openSUSE-SU-2013:1918	Mailing List Third Party Advisory
FEDORA-2013-23519	Mailing List Third Party Advisory
openSUSE-SU-2014:0065	Mailing List Third Party Advisory
http://support.apple.com/kb/HT6150	Third Party Advisory
MDVSA-2013:273	Broken Link
http://advisories.mageia.org/MGASA-2013-0333.html	Third Party Advisory
http://support.apple.com/kb/HT6163	Third Party Advisory
http://support.apple.com/kb/HT6162	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676746	Broken Link
58974	Not Applicable
59058	Not Applicable
https://www.ibm.com/support/docview.wss?uid=swg21675973	Third Party Advisory
GLSA-201406-32	Third Party Advisory
1029476	Broken Link Third Party Advisory VDB Entry
1029470	Broken Link Third Party Advisory VDB Entry
GLSA-201606-03	Third Party Advisory
SSRT101668	Issue Tracking Mailing List Third Party Advisory
SSRT101667	Issue Tracking Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629	Patch Third Party Advisory
63676	Broken Link Third Party Advisory VDB Entry
RHSA-2014:0414	Third Party Advisory
RHSA-2014:0413	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End excliding
  31.0.1650.48
  
  Configuration 2
  cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*
  End excliding
  9.03
  
  Configuration 4
  cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*
  End excliding
  1.3.1
  
  Configuration 5
  cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  
  Configuration 8
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  26.0
  cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
  End excliding
  2.23
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  24.2.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  24.2

Version: v24.5.0

Vulnerability CVE-2013-6629: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9