Уязвимость CVE-2013-6629: Информация

Описание

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Важность: MEDIUM (5,0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6629

Опубликовано: 19 ноября 2013 г.

Изменено: 21 июня 2023 г.

Идентификатор типа ошибки: CWE-200

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
chromium	sisyphus	31.0.1650.57-alt1.r235101	124.0.6367.78-alt1	ALT-PU-2013-1119-1	108603	Исправлено
chromium	p10	31.0.1650.57-alt1.r235101	119.0.6045.159-alt0.p10.1	ALT-PU-2013-1119-1	108603	Исправлено
chromium	p9	31.0.1650.57-alt1.r235101	97.0.4692.99-alt0.p9.1	ALT-PU-2013-1119-1	108603	Исправлено
chromium	c10f1	31.0.1650.57-alt1.r235101	110.0.5481.177-alt1.p10.1	ALT-PU-2013-1119-1	108603	Исправлено
chromium	c9f2	31.0.1650.57-alt1.r235101	84.0.4147.105-alt1.1.p9	ALT-PU-2013-1119-1	108603	Исправлено
chromium	c7	32.0.1700.102-alt0.M70P.1	38.0.2125.122-alt0.M70C.2	ALT-PU-2014-1140-1	113152	Исправлено
firefox	sisyphus	26.0-alt1	125.0.2-alt1	ALT-PU-2013-1333-1	111073	Исправлено
firefox	p10	26.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2013-1333-1	111073	Исправлено
firefox	p9	26.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2013-1333-1	111073	Исправлено
firefox	c10f1	26.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2013-1333-1	111073	Исправлено
firefox	c9f2	26.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2013-1333-1	111073	Исправлено
firefox	c7	31.3.0-alt0.M70C.2	60.8.0-alt0.M70C.1	ALT-PU-2015-1094-1	139024	Исправлено
libjpeg-turbo	sisyphus	1.3.1-alt0.1	3.0.2-alt2.1	ALT-PU-2013-1324-1	111060	Исправлено
libjpeg-turbo	p10	1.3.1-alt0.1	2.1.5.1-alt1.p10.1	ALT-PU-2013-1324-1	111060	Исправлено
libjpeg-turbo	p9	1.3.1-alt0.1	2.0.2-alt1	ALT-PU-2013-1324-1	111060	Исправлено
libjpeg-turbo	c10f1	1.3.1-alt0.1	2.1.2-alt1.2	ALT-PU-2013-1324-1	111060	Исправлено
libjpeg-turbo	c9f2	1.3.1-alt0.1	2.0.2-alt1.c9f2.1	ALT-PU-2013-1324-1	111060	Исправлено
seamonkey	p9	2.23-alt1	2.53.14-alt1	ALT-PU-2014-1201-1	114634	Исправлено
seamonkey	c10f1	2.23-alt1	2.53.14-alt1	ALT-PU-2014-1201-1	114634	Исправлено
seamonkey	c9f2	2.23-alt1	2.53.14-alt1	ALT-PU-2014-1201-1	114634	Исправлено
seamonkey	c7	2.23-alt0.M70P.1	2.26-alt0.M70P.1	ALT-PU-2014-1372-1	117117	Исправлено
thunderbird	sisyphus	24.2.0-alt1	115.9.0-alt1	ALT-PU-2013-1334-1	111073	Исправлено
thunderbird	p10	24.2.0-alt1	115.9.0-alt1	ALT-PU-2013-1334-1	111073	Исправлено
thunderbird	p9	24.2.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2013-1334-1	111073	Исправлено
thunderbird	c10f1	24.2.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2013-1334-1	111073	Исправлено
thunderbird	c9f2	24.2.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2013-1334-1	111073	Исправлено
thunderbird	c7	24.3.0-alt0.M70P.1	60.8.0-alt0.M70C.1	ALT-PU-2014-1391-1	117167	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://code.google.com/p/chromium/issues/detail?id=258723	Issue Tracking Third Party Advisory
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision	Patch Third Party Advisory
20131112 bugs in IJG jpeg6b & libjpeg-turbo	Broken Link
http://bugs.ghostscript.com/show_bug.cgi?id=686980	Issue Tracking Vendor Advisory
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html	Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=891693	Issue Tracking Patch Third Party Advisory
DSA-2799	Third Party Advisory
RHSA-2013:1803	Third Party Advisory
openSUSE-SU-2013:1776	Mailing List Third Party Advisory
openSUSE-SU-2013:1861	Mailing List Third Party Advisory
RHSA-2013:1804	Third Party Advisory
USN-2053-1	Third Party Advisory
USN-2052-1	Third Party Advisory
openSUSE-SU-2013:1777	Mailing List Third Party Advisory
FEDORA-2013-23127	Mailing List Third Party Advisory
openSUSE-SU-2013:1957	Mailing List Third Party Advisory
openSUSE-SU-2013:1959	Mailing List Third Party Advisory
openSUSE-SU-2013:1958	Mailing List Third Party Advisory
56175	Not Applicable
openSUSE-SU-2014:0008	Mailing List Third Party Advisory
FEDORA-2013-23295	Mailing List Third Party Advisory
openSUSE-SU-2013:1917	Mailing List Third Party Advisory
USN-2060-1	Third Party Advisory
openSUSE-SU-2013:1916	Mailing List Third Party Advisory
FEDORA-2013-23291	Mailing List Third Party Advisory
openSUSE-SU-2013:1918	Mailing List Third Party Advisory
FEDORA-2013-23519	Mailing List Third Party Advisory
openSUSE-SU-2014:0065	Mailing List Third Party Advisory
http://support.apple.com/kb/HT6150	Third Party Advisory
MDVSA-2013:273	Broken Link
http://advisories.mageia.org/MGASA-2013-0333.html	Third Party Advisory
http://support.apple.com/kb/HT6163	Third Party Advisory
http://support.apple.com/kb/HT6162	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676746	Broken Link
58974	Not Applicable
59058	Not Applicable
https://www.ibm.com/support/docview.wss?uid=swg21675973	Third Party Advisory
GLSA-201406-32	Third Party Advisory
1029476	Broken Link Third Party Advisory VDB Entry
1029470	Broken Link Third Party Advisory VDB Entry
GLSA-201606-03	Third Party Advisory
SSRT101668	Issue Tracking Mailing List Third Party Advisory
SSRT101667	Issue Tracking Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629	Patch Third Party Advisory
63676	Broken Link Third Party Advisory VDB Entry
RHSA-2014:0414	Third Party Advisory
RHSA-2014:0413	Third Party Advisory

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End excliding
  31.0.1650.48
  
  Конфигурация 2
  cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*
  End excliding
  9.03
  
  Конфигурация 4
  cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*
  End excliding
  1.3.1
  
  Конфигурация 5
  cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
  
  Конфигурация 6
  cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  
  Конфигурация 7
  cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  
  Конфигурация 8
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  
  Конфигурация 9
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  26.0
  cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
  End excliding
  2.23
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  24.2.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  24.2

Версия: v24.4.2

Наверх

Уязвимость CVE-2013-6629: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4

Конфигурация 5

Конфигурация 6

Конфигурация 7

Конфигурация 8

Конфигурация 9