CVE-2013-6630

Name: CVE-2013-6630
Description: The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2799-1
NVD severity: medium (attack range: remote)
Debian Bugs: 729867, 729873

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| chromium-browser (PTS) | wheezy (security), wheezy | 37.0.2062.120-1~deb7u1 | fixed |
| | jessie | 53.0.2785.89-1~deb8u1 | fixed |
| | jessie (security) | 53.0.2785.113-1~deb8u1 | fixed |
| | stretch, sid | 53.0.2785.113-1 | fixed |
| icedove (PTS) | wheezy | 38.7.0-1~deb7u1 | fixed |
| | wheezy (security) | 1:45.2.0-2~deb7u1 | fixed |
| | jessie (security), jessie | 1:45.2.0-1~deb8u1 | fixed |
| | stretch | 1:45.2.0-4 | fixed |
| | sid | 1:45.3.0-1 | fixed |
| iceweasel (PTS) | wheezy (security), wheezy | 38.8.0esr-1~deb7u1 | fixed |
| | jessie (security) | 38.8.0esr-1~deb8u1 | fixed |
| libjpeg-turbo (PTS) | jessie | 1:1.3.1-12 | fixed |
| | stretch | 1:1.5.0-1 | fixed |
| | sid | 1:1.5.1-1 | fixed |
| libjpeg6b (PTS) | wheezy | 6b1-3+deb7u1 | fixed |
| | sid | 1:6b2-2 | fixed |
| libjpeg8 (PTS) | wheezy | 8d-1+deb7u1 | fixed |
| | sid | 8d1-2 | fixed |

The information below is based on the following data on fixed versions.

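| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| chromium-browser | source | (unstable) | 31.0.1650.57-1 | medium | | |
| chromium-browser | source | squeeze | (unfixed) | end-of-life | | |
| chromium-browser | source | wheezy | 31.0.1650.57-1~deb7u1 | medium | DSA-2799-1 | |
| iceape | source | (unstable) | (unfixed) | medium | | |
| iceape | source | squeeze | (unfixed) | end-of-life | | |
| iceape | source | wheezy | (unfixed) | end-of-life | | |
| icedove | source | (unstable) | 24.2.0-1 | medium | | |
| icedove | source | squeeze | (unfixed) | end-of-life | | |
| iceweasel | source | (unstable) | 24.2.0esr-1 | medium | | |
| iceweasel | source | squeeze | (unfixed) | end-of-life | | |
| libjpeg-turbo | source | (unstable) | 1.3.0-3 | low | | 729873 |
| libjpeg6b | source | (unstable) | 6b1-4 | low | | 729867 |
| libjpeg6b | source | wheezy | 6b1-3+deb7u1 | medium | | |
| libjpeg8 | source | (unstable) | 8d-2 | low | | 729867 |
| libjpeg8 | source | wheezy | 8d-1+deb7u1 | medium | | |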

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
