The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
http://advisories.mageia.org/MGASA-2013-0333.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
http://bugs.ghostscript.com/show_bug.cgi?id=686980
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://rhn.redhat.com/errata/RHSA-2013-1804.html
http://secunia.com/advisories/56175
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6163
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
http://www.debian.org/security/2013/dsa-2799
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www.securityfocus.com/bid/63676
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
http://www.ubuntu.com/usn/USN-2060-1
https://access.redhat.com/errata/RHSA-2014:0413
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
https://code.google.com/p/chromium/issues/detail?id=258723
https://nvd.nist.gov/vuln/detail/CVE-2013-6629
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
https://security.gentoo.org/glsa/201606-03
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
https://www.cve.org/CVERecord?id=CVE-2013-6629
https://www.ibm.com/support/docview.wss?uid=swg21675973

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-15T20:00:00

Updated: 2024-08-06T17:46:22.170Z

Reserved: 2013-11-05T00:00:00

Link: CVE-2013-6629

NVD

Status: Analyzed

Published: 2013-11-19T04:50:56.250

Modified: 2023-06-21T18:19:38.313

Link: CVE-2013-6629

Red Hat

Severity: Moderate

Public Date: 2013-11-12T00:00:00Z

Links: CVE-2013-6629 - Bugzilla