CVE-2013-6629

Source
https://nvd.nist.gov/vuln/detail/CVE-2013-6629
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-6629.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2013-6629
Related
Published
2013-11-19T04:50:56Z
Modified
2024-06-30T12:01:22Z
Summary
[none]
Details

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

References

Affected packages

Debian:11 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-3

Ecosystem specific

{
    "urgency": "low"
}