CVE

CVE-2013-6629
Date: (C)2013-11-28   (M)2024-04-19


The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1029470
SECTRACK-1029476
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
SECUNIA-56175
SECUNIA-58974
SECUNIA-59058
BID-63676
DSA-2799
FEDORA-2013-23127
FEDORA-2013-23291
FEDORA-2013-23295
FEDORA-2013-23519
GLSA-201406-32
GLSA-201606-03
IAVM:2013-A-0233
IAVM:2014-A-0030
IAVM:2014-B-0024
MDVSA-2013:273
RHSA-2013:1803
RHSA-2013:1804
RHSA-2014:0413
RHSA-2014:0414
SSRT101667
SSRT101668
USN-2052-1
USN-2053-1
USN-2060-1
http://advisories.mageia.org/MGASA-2013-0333.html
http://bugs.ghostscript.com/show_bug.cgi?id=686980
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6163
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
https://code.google.com/p/chromium/issues/detail?id=258723
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
https://www.ibm.com/support/docview.wss?uid=swg21675973
openSUSE-SU-2013:1776
openSUSE-SU-2013:1777
openSUSE-SU-2013:1861
openSUSE-SU-2013:1916
openSUSE-SU-2013:1917
openSUSE-SU-2013:1918
openSUSE-SU-2013:1957
openSUSE-SU-2013:1958
openSUSE-SU-2013:1959
openSUSE-SU-2014:0008
openSUSE-SU-2014:0065

CPE    45
cpe:/a:google:chrome:31.0.1650.44
cpe:/a:google:chrome:31.0.1650.43
cpe:/a:google:chrome:31.0.1650.46
cpe:/a:google:chrome:31.0.1650.45
...
CWE    1
CWE-200
OVAL    52
oval:org.secpod.oval:def:40400
oval:org.secpod.oval:def:108248
oval:org.secpod.oval:def:40401
oval:org.secpod.oval:def:1600327
...

© SecPod Technologies