CVE-2013-6629
- EPSS 0.21%
- Published 19.11.2013 04:50:56
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Data is provided by the National Vulnerability Database (NVD)
Artifex ≫ Gpl Ghostscript Version < 9.03
Libjpeg-turbo ≫ Libjpeg-turbo Version < 1.3.1
Fedoraproject ≫ Fedora Version 18
Fedoraproject ≫ Fedora Version 19
Fedoraproject ≫ Fedora Version 20
Canonical ≫ Ubuntu Linux Version 10.04 SwEdition -
Canonical ≫ Ubuntu Linux Version 12.04 SwEdition -
Canonical ≫ Ubuntu Linux Version 12.10
Canonical ≫ Ubuntu Linux Version 13.04
Canonical ≫ Ubuntu Linux Version 13.10
Debian ≫ Debian Linux Version 7.0
Debian ≫ Debian Linux Version 8.0
Mozilla ≫ Firefox ESR Version < 24.2
Mozilla ≫ Thunderbird Version < 24.2.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.21% | 0.435 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.