CVE-2013-6629

NameCVE-2013-6629
DescriptionThe get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2799-1, DSA-2923-1
NVD severitymedium
Debian Bugs729867, 729873

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)stretch70.0.3538.110-1~deb9u1fixed
stretch (security)71.0.3578.80-1~deb9u1fixed
libjpeg-turbo (PTS)stretch1:1.5.1-2fixed
stretch (security)1:1.5.1-2+deb9u1fixed
buster1:1.5.2-2+deb10u1fixed
bookworm, sid, bullseye1:2.0.6-4fixed
libjpeg6b (PTS)sid1:6b2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersourcewheezy31.0.1650.57-1~deb7u1DSA-2799-1
chromium-browsersource(unstable)31.0.1650.57-1
iceapesourcesqueeze(unfixed)end-of-life
iceapesourcewheezy(unfixed)end-of-life
iceapesource(unstable)(unfixed)
icedovesourcesqueeze(unfixed)end-of-life
icedovesource(unstable)24.2.0-1
iceweaselsourcesqueeze(unfixed)end-of-life
iceweaselsource(unstable)24.2.0esr-1
libjpeg-turbosource(unstable)1.3.0-3low729873
libjpeg6bsourcewheezy6b1-3+deb7u1
libjpeg6bsource(unstable)6b1-4low729867
libjpeg8sourcewheezy8d-1+deb7u1
libjpeg8source(unstable)8d-2low729867
openjdk-7sourcewheezy7u55-2.4.7-1~deb7u1DSA-2923-1

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html

Search for package or bug name: Reporting problems