CVE-2013-6630

Name: CVE-2013-6630
Description: The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2799-1
NVD severity: medium (attack range: remote)
Debian Bugs: 729867, 729873
Debian/oldstable: packages chromium-browser, icedove, iceweasel, libjpeg6b, libjpeg8 are vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| chromium-browser (PTS) | squeeze (security), squeeze | 6.0.472.63~r59945-5+squeeze6 | vulnerable |
| | wheezy, wheezy (security) | 37.0.2062.120-1~deb7u1 | fixed |
| | jessie, sid | 41.0.2272.76-2 | fixed |
| iceape (PTS) | squeeze (security) | 2.0.11-17 | vulnerable |
| icedove (PTS) | squeeze (security), squeeze | 3.0.11-1+squeeze15 | vulnerable |
| | wheezy | 31.3.0-1~deb7u1 | fixed |
| | wheezy (security) | 31.5.0-1~deb7u1 | fixed |
| | jessie, sid | 31.5.0-1 | fixed |
| iceweasel (PTS) | squeeze (security), squeeze | 3.5.16-20 | vulnerable |
| | wheezy | 31.3.0esr-1~deb7u1 | fixed |
| | wheezy (security) | 31.6.0esr-1~deb7u1 | fixed |
| | jessie | 31.5.3esr-1 | fixed |
| | sid | 31.6.0esr-1 | fixed |
| libjpeg-turbo (PTS) | jessie, sid | 1:1.3.1-12 | fixed |
| libjpeg6b (PTS) | squeeze | 6b1-1 | vulnerable |
| | wheezy | 6b1-3+deb7u1 | fixed |
| libjpeg8 (PTS) | squeeze | 8b-1 | vulnerable |
| | wheezy | 8d-1+deb7u1 | fixed |
| | sid | 8d1-2 | fixed |

The information below is based on the following data on fixed versions.

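| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| chromium-browser | source | (unstable) | 31.0.1650.57-1 | medium | | |
| chromium-browser | source | squeeze | (unfixed) | end-of-life | | |
| chromium-browser | source | wheezy | 31.0.1650.57-1~deb7u1 | medium | DSA-2799-1 | |
| iceape | source | (unstable) | (unfixed) | medium | | |
| iceape | source | squeeze | (unfixed) | end-of-life | | |
| iceape | source | wheezy | (unfixed) | end-of-life | | |
| icedove | source | (unstable) | 24.2.0-1 | medium | | |
| icedove | source | squeeze | (unfixed) | end-of-life | | |
| iceweasel | source | (unstable) | 24.2.0esr-1 | medium | | |
| iceweasel | source | squeeze | (unfixed) | end-of-life | | |
| libjpeg-turbo | source | (unstable) | 1.3.0-3 | low | | 729873 |
| libjpeg6b | source | (unstable) | 6b1-4 | low | | 729867 |
| libjpeg6b | source | wheezy | 6b1-3+deb7u1 | medium | | |
| libjpeg8 | source | (unstable) | 8d-2 | low | | 729867 |
| libjpeg8 | source | wheezy | 8d-1+deb7u1 | medium | | |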

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
