Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2013-6630

Published: Nov 19, 2013 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2013-6630
CWEhttps://cwe.mitre.org/data/definitions/189.html

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 31.0.1650.47 (including)
Chrome Google 31.0.1650.0 (including) 31.0.1650.0 (including)
Chrome Google 31.0.1650.2 (including) 31.0.1650.2 (including)
Chrome Google 31.0.1650.3 (including) 31.0.1650.3 (including)
Chrome Google 31.0.1650.4 (including) 31.0.1650.4 (including)
Chrome Google 31.0.1650.5 (including) 31.0.1650.5 (including)
Chrome Google 31.0.1650.6 (including) 31.0.1650.6 (including)
Chrome Google 31.0.1650.7 (including) 31.0.1650.7 (including)
Chrome Google 31.0.1650.8 (including) 31.0.1650.8 (including)
Chrome Google 31.0.1650.9 (including) 31.0.1650.9 (including)
Chrome Google 31.0.1650.10 (including) 31.0.1650.10 (including)
Chrome Google 31.0.1650.11 (including) 31.0.1650.11 (including)
Chrome Google 31.0.1650.12 (including) 31.0.1650.12 (including)
Chrome Google 31.0.1650.13 (including) 31.0.1650.13 (including)
Chrome Google 31.0.1650.14 (including) 31.0.1650.14 (including)
Chrome Google 31.0.1650.15 (including) 31.0.1650.15 (including)
Chrome Google 31.0.1650.16 (including) 31.0.1650.16 (including)
Chrome Google 31.0.1650.17 (including) 31.0.1650.17 (including)
Chrome Google 31.0.1650.18 (including) 31.0.1650.18 (including)
Chrome Google 31.0.1650.19 (including) 31.0.1650.19 (including)
Chrome Google 31.0.1650.20 (including) 31.0.1650.20 (including)
Chrome Google 31.0.1650.22 (including) 31.0.1650.22 (including)
Chrome Google 31.0.1650.23 (including) 31.0.1650.23 (including)
Chrome Google 31.0.1650.25 (including) 31.0.1650.25 (including)
Chrome Google 31.0.1650.26 (including) 31.0.1650.26 (including)
Chrome Google 31.0.1650.27 (including) 31.0.1650.27 (including)
Chrome Google 31.0.1650.28 (including) 31.0.1650.28 (including)
Chrome Google 31.0.1650.29 (including) 31.0.1650.29 (including)
Chrome Google 31.0.1650.30 (including) 31.0.1650.30 (including)
Chrome Google 31.0.1650.31 (including) 31.0.1650.31 (including)
Chrome Google 31.0.1650.32 (including) 31.0.1650.32 (including)
Chrome Google 31.0.1650.33 (including) 31.0.1650.33 (including)
Chrome Google 31.0.1650.34 (including) 31.0.1650.34 (including)
Chrome Google 31.0.1650.35 (including) 31.0.1650.35 (including)
Chrome Google 31.0.1650.36 (including) 31.0.1650.36 (including)
Chrome Google 31.0.1650.37 (including) 31.0.1650.37 (including)
Chrome Google 31.0.1650.38 (including) 31.0.1650.38 (including)
Chrome Google 31.0.1650.39 (including) 31.0.1650.39 (including)
Chrome Google 31.0.1650.41 (including) 31.0.1650.41 (including)
Chrome Google 31.0.1650.42 (including) 31.0.1650.42 (including)
Chrome Google 31.0.1650.43 (including) 31.0.1650.43 (including)
Chrome Google 31.0.1650.44 (including) 31.0.1650.44 (including)
Chrome Google 31.0.1650.45 (including) 31.0.1650.45 (including)
Chrome Google 31.0.1650.46 (including) 31.0.1650.46 (including)
Firefox Ubuntu lucid *
Firefox Ubuntu precise *
Firefox Ubuntu quantal *
Firefox Ubuntu raring *
Firefox Ubuntu saucy *
Firefox Ubuntu upstream *
Libjpeg-turbo Ubuntu devel *
Libjpeg-turbo Ubuntu precise *
Libjpeg-turbo Ubuntu quantal *
Libjpeg-turbo Ubuntu raring *
Libjpeg-turbo Ubuntu saucy *
Libjpeg-turbo Ubuntu upstream *
Libjpeg6b Ubuntu lucid *
Libjpeg6b Ubuntu precise *
Libjpeg6b Ubuntu quantal *
Libjpeg6b Ubuntu raring *
Libjpeg6b Ubuntu saucy *
Libjpeg6b Ubuntu upstream *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu lucid *
Thunderbird Ubuntu precise *
Thunderbird Ubuntu quantal *
Thunderbird Ubuntu raring *
Thunderbird Ubuntu saucy *
Thunderbird Ubuntu upstream *
Red Hat Enterprise Linux 6 RedHat libjpeg-turbo-0:1.2.1-3.el6_5 *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use