CVE-2013-6629: Infoleak
First published: Tue Nov 12 2013(Updated: )
It was reported [1],[2] that libjpeg and libjpeg-turbo would use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in the presence of valid chroma data (Cr, Cb). An example proof of concept that can be viewed in a browser is also available [3]. This was reported and fixed initially in Google Chrome/Chromium; it does not appear to be fixed in upstream libjpeg or libjpeg-turbo yet. Patches to the third party source in Chromium for libjpeg [4] and libjpeg-turbo [5] however are available. [1] <a href="http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html">http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html</a> [2] <a href="http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html">http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html</a> [3] <a href="http://lcamtuf.coredump.cx/jpeg_leak/">http://lcamtuf.coredump.cx/jpeg_leak/</a> [4] <a href="http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354">http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354</a> [5] <a href="http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381">http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.0-oracle-1:1.7.0.55-1jpp.2.el5_10 | 1.7.0-oracle-1:1.7.0.55-1jpp.2.el5_10 |
| redhat/java | <1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 | 1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 |
| redhat/java | <1.7.0-oracle-1:1.7.0.55-1jpp.1.el6_5 | 1.7.0-oracle-1:1.7.0.55-1jpp.1.el6_5 |
| redhat/java | <1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 | 1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 |
| redhat/libjpeg-turbo | <0:1.2.1-3.el6_5 | 0:1.2.1-3.el6_5 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 | 1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 |
| redhat/java | <1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10 | 1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10 | 1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10 |
| redhat/java | <1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el5_10 | 1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el5_10 |
| redhat/java | <1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5 | 1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5 | 1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5 |
| redhat/java | <1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el6_5 | 1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el6_5 |
| redhat/java | <1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0 | 1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0 |
| Google Chrome (Trace Event) | <31.0.1650.48 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =11.3 | |
| Ghostscript | <9.03 | |
| Libjpeg-turbo-devel | <1.3.1 | |
| Fedora | =18 | |
| Fedora | =19 | |
| Fedora | =20 | |
| SUSE Linux | =12.2 | |
| SUSE Linux | =12.3 | |
| SUSE Linux | =13.1 | |
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.04 | |
| Ubuntu | =13.10 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Firefox | <26.0 | |
| Firefox ESR | <24.2 | |
| Mozilla SeaMonkey | <2.23 | |
| Thunderbird | <24.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
- http://bugs.ghostscript.com/show_bug.cgi?id=686980
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2013-1803.html
- http://rhn.redhat.com/errata/RHSA-2013-1804.html
- http://secunia.com/advisories/56175
- http://secunia.com/advisories/58974
- http://secunia.com/advisories/59058
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://support.apple.com/kb/HT6150
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- http://www.debian.org/security/2013/dsa-2799
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/63676
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- http://www.ubuntu.com/usn/USN-2060-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
- https://security.gentoo.org/glsa/201606-03
- https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
- https://www.ibm.com/support/docview.wss?uid=swg21675973
- http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html
- http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
- http://lcamtuf.coredump.cx/jpeg_leak/
- http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354
- http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1031737
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1031740
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1031741
- https://access.redhat.com/security/cve/CVE-2013-6629
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
- https://rhn.redhat.com/errata/RHSA-2013-1804.html
- https://rhn.redhat.com/errata/RHSA-2013-1803.html
- https://rhn.redhat.com/errata/RHSA-2014-0413.html
- https://rhn.redhat.com/errata/RHSA-2014-0412.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5ccfde781cdb
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
- https://rhn.redhat.com/errata/RHSA-2014-0486.html
- https://rhn.redhat.com/errata/RHSA-2014-0508.html
- https://rhn.redhat.com/errata/RHSA-2014-0509.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1106388
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://rhn.redhat.com/errata/RHSA-2014-0982.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1031734
- https://www.cve.org/CVERecord?id=CVE-2013-6629 https://nvd.nist.gov/vuln/detail/CVE-2013-6629
- https://access.redhat.com/errata/RHSA-2013:1804
- https://access.redhat.com/errata/RHSA-2013:1803
- https://access.redhat.com/errata/RHSA-2014:0982
- https://access.redhat.com/errata/RHSA-2014:0412
- https://access.redhat.com/errata/RHSA-2014:0486
- https://access.redhat.com/errata/RHSA-2014:0508
- https://access.redhat.com/errata/RHSA-2014:0509
- https://access.redhat.com/errata/RHSA-2014:0705
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2013-6629?
The severity of CVE-2013-6629 is rated as moderate, but it can lead to potential security issues due to uninitialized memory usage.
How do I fix CVE-2013-6629?
To fix CVE-2013-6629, update the affected software to the recommended versions such as libjpeg-turbo 1.2.1-3.el6_5 or the respective patched versions for Java.
What software is affected by CVE-2013-6629?
CVE-2013-6629 affects several packages, including libjpeg-turbo and various Java versions from Red Hat.
Can exploiting CVE-2013-6629 lead to information leakage?
Yes, exploiting CVE-2013-6629 could potentially lead to information leakage due to the way uninitialized memory is handled.
Are there known exploits for CVE-2013-6629?
While there is a proof of concept available, specific public exploits for CVE-2013-6629 have not been widely reported.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6629
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/google
- canonical/google chrome (trace event)
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/11.3
- vendor/artifex
- canonical/ghostscript
- vendor/libjpeg-turbo
- canonical/libjpeg-turbo-devel
- vendor/fedoraproject
- canonical/fedora
- version/fedora/18
- version/fedora/19
- version/fedora/20
- vendor/opensuse
- canonical/suse linux
- version/suse linux/12.2
- version/suse linux/12.3
- version/suse linux/13.1
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.04
- version/ubuntu/13.10
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- canonical/mozilla seamonkey
- canonical/thunderbird