CVE-2013-6629

CVSS V2: Medium (5)
CVSS V3: None
Description
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Overview
  • CVE ID: CVE-2013-6629
  • Assigner: cve@mitre.org
  • Vulnerability Status: Modified
  • Published Version: 2013-11-19T04:50:56
  • Last Modified Date: 2018-01-05T02:29:45
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 1 OR 31.0.1650.47
cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:artifex:gpl_ghostscript:-:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Base Score: 5
  • Severity: MEDIUM
  • Exploitability Score: 10
  • Impact Score: 2.9
References
Reference URL Reference Tags
https://code.google.com/p/chromium/issues/detail?id=258723
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
http://bugs.ghostscript.com/show_bug.cgi?id=686980
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
https://bugzilla.mozilla.org/show_bug.cgi?id=891693 Issue Tracking
http://www.debian.org/security/2013/dsa-2799
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://rhn.redhat.com/errata/RHSA-2013-1804.html
http://www.ubuntu.com/usn/USN-2053-1
http://www.ubuntu.com/usn/USN-2052-1
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://secunia.com/advisories/56175
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://www.ubuntu.com/usn/USN-2060-1
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://support.apple.com/kb/HT6150
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
http://advisories.mageia.org/MGASA-2013-0333.html
http://support.apple.com/kb/HT6163
http://support.apple.com/kb/HT6162
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
https://www.ibm.com/support/docview.wss?uid=swg21675973
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.securitytracker.com/id/1029476
http://www.securitytracker.com/id/1029470
https://security.gentoo.org/glsa/201606-03
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
http://www.securityfocus.com/bid/63676
https://access.redhat.com/errata/RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0413
History
Created Old Value New Value Data Type Notes
2022-05-10 18:53:14 Added to TrackCVE
2022-12-01 20:49:29 2013-11-19T04:50Z 2013-11-19T04:50:56 CVE Published Date updated
2022-12-01 20:49:29 2018-01-05T02:29:45 CVE Modified Date updated
2022-12-01 20:49:29 Modified Vulnerability Status updated