FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-6629

This CVE name corresponds to:

Entered Topic
2013-12-14 mozilla -- multiple vulnerabilities
2013-11-12 chromium -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-6629
Phase Assigned (20131105)

Description

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

References

Source Reference
FULLDISC 20131112 bugs in IJG jpeg6b & libjpeg-turbo
CONFIRM http://bugs.ghostscript.com/show_bug.cgi?id=686980
CONFIRM http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
CONFIRM https://code.google.com/p/chromium/issues/detail?id=258723
CONFIRM https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=891693
CONFIRM http://advisories.mageia.org/MGASA-2013-0333.html
CONFIRM http://support.apple.com/kb/HT6150
CONFIRM http://support.apple.com/kb/HT6162
CONFIRM http://support.apple.com/kb/HT6163
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21672080
CONFIRM https://www.ibm.com/support/docview.wss?uid=swg21675973
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676746
DEBIAN DSA-2799
FEDORA FEDORA-2013-23127
FEDORA FEDORA-2013-23291
FEDORA FEDORA-2013-23295
FEDORA FEDORA-2013-23519
GENTOO GLSA-201406-32
GENTOO GLSA-201606-03
MANDRIVA MDVSA-2013:273
REDHAT RHSA-2013:1803
REDHAT RHSA-2013:1804
SUSE openSUSE-SU-2013:1776
SUSE openSUSE-SU-2013:1777
SUSE openSUSE-SU-2013:1861
SUSE openSUSE-SU-2013:1957
SUSE openSUSE-SU-2013:1958
SUSE openSUSE-SU-2013:1959
SUSE openSUSE-SU-2014:0008
SUSE openSUSE-SU-2013:1916
SUSE openSUSE-SU-2013:1917
SUSE openSUSE-SU-2013:1918
SUSE openSUSE-SU-2014:0065
UBUNTU USN-2052-1
UBUNTU USN-2053-1
UBUNTU USN-2060-1
SECTRACK 1029470
SECTRACK 1029476
SECUNIA 56175
SECUNIA 58974
SECUNIA 59058