CVE-2013-6629

NameCVE-2013-6629
DescriptionThe get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2799-1, DSA-2923-1
Debian Bugs729867, 729873

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libjpeg-turbo (PTS)bullseye1:2.0.6-4fixed
bookworm1:2.1.5-2fixed
sid, trixie1:2.1.5-3fixed
libjpeg6b (PTS)sid1:6b2-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersourcewheezy31.0.1650.57-1~deb7u1DSA-2799-1
chromium-browsersource(unstable)31.0.1650.57-1
iceapesourcesqueeze(unfixed)end-of-life
iceapesourcewheezy(unfixed)end-of-life
iceapesource(unstable)(unfixed)
icedovesourcesqueeze(unfixed)end-of-life
icedovesource(unstable)24.2.0-1
iceweaselsourcesqueeze(unfixed)end-of-life
iceweaselsource(unstable)24.2.0esr-1
libjpeg-turbosource(unstable)1.3.0-3low729873
libjpeg6bsourcewheezy6b1-3+deb7u1
libjpeg6bsource(unstable)6b1-4low729867
libjpeg8sourcewheezy8d-1+deb7u1
libjpeg8source(unstable)8d-2low729867
openjdk-7sourcewheezy7u55-2.4.7-1~deb7u1DSA-2923-1

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html

Search for package or bug name: Reporting problems