CVE-2013-6629

NameCVE-2013-6629
DescriptionThe get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2799-1, DSA-2923-1
NVD severitymedium (attack range: remote)
Debian Bugs729867, 729873
Debian/oldoldstablepackages chromium-browser, icedove, iceweasel, libjpeg6b, libjpeg8 are vulnerable.
Debian/oldstablepackage openjdk-7 is vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)squeeze, squeeze (security)6.0.472.63~r59945-5+squeeze6vulnerable
wheezy, wheezy (security)37.0.2062.120-1~deb7u1fixed
jessie (security), jessie43.0.2357.65-1~deb8u1fixed
stretch, sid43.0.2357.130-1fixed
iceape (PTS)squeeze (security)2.0.11-17vulnerable
icedove (PTS)squeeze, squeeze (security)3.0.11-1+squeeze15vulnerable
wheezy31.3.0-1~deb7u1fixed
wheezy (security)31.7.0-1~deb7u1fixed
jessie (security), jessie31.7.0-1~deb8u1fixed
stretch, sid31.7.0-1fixed
iceweasel (PTS)squeeze, squeeze (security)3.5.16-20vulnerable
wheezy31.3.0esr-1~deb7u1fixed
wheezy (security)31.8.0esr-1~deb7u1fixed
jessie31.6.0esr-1fixed
jessie (security)31.8.0esr-1~deb8u1fixed
stretch38.0.1-5fixed
sid38.1.0esr-2fixed
libjpeg-turbo (PTS)jessie1:1.3.1-12fixed
stretch, sid1:1.4.0-7fixed
libjpeg6b (PTS)squeeze6b1-1vulnerable
wheezy6b1-3+deb7u1fixed
stretch, sid1:6b2-2fixed
libjpeg8 (PTS)squeeze8b-1vulnerable
wheezy8d-1+deb7u1fixed
stretch, sid8d1-2fixed
openjdk-7 (PTS)wheezy7u3-2.1.7-1vulnerable
wheezy (security)7u79-2.5.5-1~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)31.0.1650.57-1medium
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersourcewheezy31.0.1650.57-1~deb7u1mediumDSA-2799-1
iceapesource(unstable)(unfixed)medium
iceapesourcesqueeze(unfixed)end-of-life
iceapesourcewheezy(unfixed)end-of-life
icedovesource(unstable)24.2.0-1medium
icedovesourcesqueeze(unfixed)end-of-life
iceweaselsource(unstable)24.2.0esr-1medium
iceweaselsourcesqueeze(unfixed)end-of-life
libjpeg-turbosource(unstable)1.3.0-3low729873
libjpeg6bsource(unstable)6b1-4low729867
libjpeg6bsourcewheezy6b1-3+deb7u1medium
libjpeg8source(unstable)8d-2low729867
libjpeg8sourcewheezy8d-1+deb7u1medium
openjdk-7sourcewheezy7u55-2.4.7-1~deb7u1mediumDSA-2923-1

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html

Search for package or bug name: Reporting problems