CVE-2013-6629

Name	CVE-2013-6629
Description	The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2799-1, DSA-2923-1
Debian Bugs	729867, 729873

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libjpeg-turbo (PTS)	buster	1:1.5.2-2+deb10u1	fixed
	bullseye	1:2.0.6-4	fixed
	sid, trixie, bookworm	1:2.1.5-2	fixed
libjpeg6b (PTS)	sid	1:6b2-3.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	wheezy	31.0.1650.57-1~deb7u1		DSA-2799-1
chromium-browser	source	(unstable)	31.0.1650.57-1
iceape	source	squeeze	(unfixed)	end-of-life
iceape	source	wheezy	(unfixed)	end-of-life
iceape	source	(unstable)	(unfixed)
icedove	source	squeeze	(unfixed)	end-of-life
icedove	source	(unstable)	24.2.0-1
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	(unstable)	24.2.0esr-1
libjpeg-turbo	source	(unstable)	1.3.0-3	low		729873
libjpeg6b	source	wheezy	6b1-3+deb7u1
libjpeg6b	source	(unstable)	6b1-4	low		729867
libjpeg8	source	wheezy	8d-1+deb7u1
libjpeg8	source	(unstable)	8d-2	low		729867
openjdk-7	source	wheezy	7u55-2.4.7-1~deb7u1		DSA-2923-1

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html