5

CVE-2013-6630

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version <= 31.0.1650.47
GoogleChrome Version31.0.1650.0
GoogleChrome Version31.0.1650.2
GoogleChrome Version31.0.1650.3
GoogleChrome Version31.0.1650.4
GoogleChrome Version31.0.1650.5
GoogleChrome Version31.0.1650.6
GoogleChrome Version31.0.1650.7
GoogleChrome Version31.0.1650.8
GoogleChrome Version31.0.1650.9
GoogleChrome Version31.0.1650.10
GoogleChrome Version31.0.1650.11
GoogleChrome Version31.0.1650.12
GoogleChrome Version31.0.1650.13
GoogleChrome Version31.0.1650.14
GoogleChrome Version31.0.1650.15
GoogleChrome Version31.0.1650.16
GoogleChrome Version31.0.1650.17
GoogleChrome Version31.0.1650.18
GoogleChrome Version31.0.1650.19
GoogleChrome Version31.0.1650.20
GoogleChrome Version31.0.1650.22
GoogleChrome Version31.0.1650.23
GoogleChrome Version31.0.1650.25
GoogleChrome Version31.0.1650.26
GoogleChrome Version31.0.1650.27
GoogleChrome Version31.0.1650.28
GoogleChrome Version31.0.1650.29
GoogleChrome Version31.0.1650.30
GoogleChrome Version31.0.1650.31
GoogleChrome Version31.0.1650.32
GoogleChrome Version31.0.1650.33
GoogleChrome Version31.0.1650.34
GoogleChrome Version31.0.1650.35
GoogleChrome Version31.0.1650.36
GoogleChrome Version31.0.1650.37
GoogleChrome Version31.0.1650.38
GoogleChrome Version31.0.1650.39
GoogleChrome Version31.0.1650.41
GoogleChrome Version31.0.1650.42
GoogleChrome Version31.0.1650.43
GoogleChrome Version31.0.1650.44
GoogleChrome Version31.0.1650.45
GoogleChrome Version31.0.1650.46
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.13% 0.796
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
http://www.debian.org/security/2013/dsa-2799
https://code.google.com/p/chromium/issues/detail?id=299835
http://advisories.mageia.org/MGASA-2013-0333.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://secunia.com/advisories/56175
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
http://www.ubuntu.com/usn/USN-2060-1
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
https://security.gentoo.org/glsa/201606-03
http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git%3Ba=commit%3Bh=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8