5

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 31.0.1650.48
OracleSolaris Version11.3
ArtifexGpl Ghostscript Version < 9.03
Libjpeg-turboLibjpeg-turbo Version < 1.3.1
FedoraprojectFedora Version18
FedoraprojectFedora Version19
FedoraprojectFedora Version20
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
CanonicalUbuntu Linux Version13.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
MozillaFirefox Version < 24.2
MozillaFirefox Version < 26.0
MozillaSeamonkey Version < 2.23
MozillaThunderbird Version < 24.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.12% 0.95
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory
http://support.apple.com/kb/HT6150
Third Party Advisory
http://support.apple.com/kb/HT6162
Third Party Advisory
http://support.apple.com/kb/HT6163
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0414
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
Third Party Advisory
Mailing List
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
Third Party Advisory
Mailing List
http://www.debian.org/security/2013/dsa-2799
Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=258723
Third Party Advisory
Issue Tracking
http://advisories.mageia.org/MGASA-2013-0333.html
Third Party Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
Broken Link
http://bugs.ghostscript.com/show_bug.cgi?id=686980
Vendor Advisory
Issue Tracking
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140852974709252&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://rhn.redhat.com/errata/RHSA-2013-1803.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1804.html
Third Party Advisory
http://secunia.com/advisories/56175
Not Applicable
http://secunia.com/advisories/58974
Not Applicable
http://secunia.com/advisories/59058
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
Third Party Advisory
http://www.securityfocus.com/bid/63676
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1029470
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1029476
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-2052-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2053-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2060-1
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0413
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
Patch
Third Party Advisory
Issue Tracking
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201606-03
Third Party Advisory
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
Patch
Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=swg21675973
Third Party Advisory