CVE-2013-6629
- EPSS 0.21%
- Published 19.11.2013 04:50:56
- Last modified 25.11.2025 17:50:16
- Source cve@mitre.org
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Data is provided by the National Vulnerability Database (NVD)
Artifex ≫ Gpl Ghostscript Version < 9.03
Libjpeg-turbo ≫ Libjpeg-turbo Version < 1.3.1
Fedoraproject ≫ Fedora Version 18
Fedoraproject ≫ Fedora Version 19
Fedoraproject ≫ Fedora Version 20
Canonical ≫ Ubuntu Linux Version 10.04 SwEdition -
Canonical ≫ Ubuntu Linux Version 12.04 SwEdition -
Canonical ≫ Ubuntu Linux Version 12.10
Canonical ≫ Ubuntu Linux Version 13.04
Canonical ≫ Ubuntu Linux Version 13.10
Debian ≫ Debian Linux Version 7.0
Debian ≫ Debian Linux Version 8.0
Mozilla ≫ Thunderbird Version < 24.2.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.435 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.