CVE-2013-6630

NameCVE-2013-6630
DescriptionThe get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2799-1
Debian Bugs729867, 729873

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libjpeg-turbo (PTS)bullseye1:2.0.6-4fixed
bookworm1:2.1.5-2fixed
sid, trixie1:2.1.5-3fixed
libjpeg6b (PTS)sid1:6b2-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersourcewheezy31.0.1650.57-1~deb7u1DSA-2799-1
chromium-browsersource(unstable)31.0.1650.57-1
iceapesourcesqueeze(unfixed)end-of-life
iceapesourcewheezy(unfixed)end-of-life
iceapesource(unstable)(unfixed)
icedovesourcesqueeze(unfixed)end-of-life
icedovesource(unstable)24.2.0-1
iceweaselsourcesqueeze(unfixed)end-of-life
iceweaselsource(unstable)24.2.0esr-1
libjpeg-turbosource(unstable)1.3.0-3low729873
libjpeg6bsourcewheezy6b1-3+deb7u1
libjpeg6bsource(unstable)6b1-4low729867
libjpeg8sourcewheezy8d-1+deb7u1
libjpeg8source(unstable)8d-2low729867

Notes

[squeeze] - libjpeg6b <no-dsa> (Minor issue)
[squeeze] - libjpeg8 <no-dsa> (Minor issue)
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html

Search for package or bug name: Reporting problems