CVE-2013-6629: Infoleak
First published: Tue Nov 12 2013(Updated: )
It was reported [1],[2] that libjpeg and libjpeg-turbo would use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in the presence of valid chroma data (Cr, Cb). An example proof of concept that can be viewed in a browser is also available [3]. This was reported and fixed initially in Google Chrome/Chromium; it does not appear to be fixed in upstream libjpeg or libjpeg-turbo yet. Patches to the third party source in Chromium for libjpeg [4] and libjpeg-turbo [5] however are available. [1] <a href="http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html">http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html</a> [2] <a href="http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html">http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html</a> [3] <a href="http://lcamtuf.coredump.cx/jpeg_leak/">http://lcamtuf.coredump.cx/jpeg_leak/</a> [4] <a href="http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354">http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354</a> [5] <a href="http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381">http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.0-oracle-1:1.7.0.55-1jpp.2.el5_10 | 1.7.0-oracle-1:1.7.0.55-1jpp.2.el5_10 |
| redhat/java | <1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 | 1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 |
| redhat/java | <1.7.0-oracle-1:1.7.0.55-1jpp.1.el6_5 | 1.7.0-oracle-1:1.7.0.55-1jpp.1.el6_5 |
| redhat/java | <1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 | 1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 |
| redhat/libjpeg-turbo | <0:1.2.1-3.el6_5 | 0:1.2.1-3.el6_5 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 | 1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5 |
| redhat/java | <1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10 | 1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10 | 1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10 |
| redhat/java | <1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el5_10 | 1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el5_10 |
| redhat/java | <1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5 | 1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5 | 1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5 |
| redhat/java | <1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el6_5 | 1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el6_5 |
| redhat/java | <1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0 | 1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0 |
| Google Chrome | <31.0.1650.48 | |
| Oracle Solaris | =11.3 | |
| Artifex Gpl Ghostscript | <9.03 | |
| Libjpeg-turbo Libjpeg-turbo | <1.3.1 | |
| Fedoraproject Fedora | =18 | |
| Fedoraproject Fedora | =19 | |
| Fedoraproject Fedora | =20 | |
| openSUSE openSUSE | =12.2 | |
| openSUSE openSUSE | =12.3 | |
| openSUSE openSUSE | =13.1 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 | |
| Canonical Ubuntu Linux | =13.04 | |
| Canonical Ubuntu Linux | =13.10 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Mozilla Firefox | <26.0 | |
| Mozilla Firefox ESR | <24.2 | |
| Mozilla SeaMonkey | <2.23 | |
| Mozilla Thunderbird | <24.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
- http://bugs.ghostscript.com/show_bug.cgi?id=686980
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2013-1803.html
- http://rhn.redhat.com/errata/RHSA-2013-1804.html
- http://secunia.com/advisories/56175
- http://secunia.com/advisories/58974
- http://secunia.com/advisories/59058
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://support.apple.com/kb/HT6150
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- http://www.debian.org/security/2013/dsa-2799
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/63676
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- http://www.ubuntu.com/usn/USN-2060-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
- https://security.gentoo.org/glsa/201606-03
- https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
- https://www.ibm.com/support/docview.wss?uid=swg21675973
- http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html
- http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
- http://lcamtuf.coredump.cx/jpeg_leak/
- http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354
- http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1031737
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1031740
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1031741
- https://access.redhat.com/security/cve/CVE-2013-6629
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
- https://rhn.redhat.com/errata/RHSA-2013-1804.html
- https://rhn.redhat.com/errata/RHSA-2013-1803.html
- https://rhn.redhat.com/errata/RHSA-2014-0413.html
- https://rhn.redhat.com/errata/RHSA-2014-0412.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5ccfde781cdb
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
- https://rhn.redhat.com/errata/RHSA-2014-0486.html
- https://rhn.redhat.com/errata/RHSA-2014-0508.html
- https://rhn.redhat.com/errata/RHSA-2014-0509.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1106388
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://rhn.redhat.com/errata/RHSA-2014-0982.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1031734
- https://www.cve.org/CVERecord?id=CVE-2013-6629 https://nvd.nist.gov/vuln/detail/CVE-2013-6629
- https://access.redhat.com/errata/RHSA-2013:1804
- https://access.redhat.com/errata/RHSA-2013:1803
- https://access.redhat.com/errata/RHSA-2014:0982
- https://access.redhat.com/errata/RHSA-2014:0412
- https://access.redhat.com/errata/RHSA-2014:0486
- https://access.redhat.com/errata/RHSA-2014:0508
- https://access.redhat.com/errata/RHSA-2014:0509
- https://access.redhat.com/errata/RHSA-2014:0705
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6629
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/google
- canonical/google chrome
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/11.3
- vendor/artifex
- canonical/artifex gpl ghostscript
- vendor/libjpeg-turbo
- canonical/libjpeg-turbo libjpeg-turbo
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/18
- version/fedoraproject fedora/19
- version/fedoraproject fedora/20
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/12.2
- version/opensuse opensuse/12.3
- version/opensuse opensuse/13.1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10
- version/canonical ubuntu linux/13.04
- version/canonical ubuntu linux/13.10
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird