Vulnerability Details : CVE-2013-6630
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Products affected by CVE-2013-6630
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6630
0.88%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6630
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-6630
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6630
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
openSUSE-SU-2013:1958-1: moderate: update for MozillaThunderbird
-
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
[security-announce] openSUSE-SU-2013:1777-1: important: chromium: update
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
openSUSE-SU-2013:1918-1: moderate: update for MozillaFirefox
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
openSUSE-SU-2013:1959-1: moderate: update for MozillaThunderbird
-
http://www.ubuntu.com/usn/USN-2053-1
USN-2053-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
openSUSE-SU-2014:0065-1: moderate: update for chromium
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
[SECURITY] Fedora 19 Update: firefox-26.0-2.fc19
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
-
https://security.gentoo.org/glsa/201606-03
libjpeg-turbo: Multiple vulnerabilities (GLSA 201606-03) — Gentoo security
-
https://code.google.com/p/chromium/issues/detail?id=299835
299835 - libjpeg_turbo huffval infoleak - chromium - Monorail
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
mandriva.com
-
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
JPEG information leak — Mozilla
-
http://rhn.redhat.com/errata/RHSA-2013-1803.html
RHSA-2013:1803 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
openSUSE-SU-2014:0008-1: moderate: update for seamonkey
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
openSUSE-SU-2013:1917-1: moderate: update for MozillaFirefox
-
http://advisories.mageia.org/MGASA-2013-0333.html
Mageia Advisory: MGASA-2013-0333 - Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
-
http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8
chromium Git repositories - Git at Google
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
[SECURITY] Fedora 20 Update: firefox-26.0-3.fc20
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
openSUSE-SU-2013:1957-1: moderate: update for MozillaThunderbird
-
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
[security-announce] openSUSE-SU-2013:1861-1: important: chromium: update
-
http://www.ubuntu.com/usn/USN-2060-1
USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2052-1
USN-2052-1: Firefox vulnerabilities | Ubuntu security notices
-
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
[security-announce] openSUSE-SU-2013:1776-1: important: chromium: 31.0.1
-
http://www.debian.org/security/2013/dsa-2799
Debian -- Security Information -- DSA-2799-1 chromium-browser
-
http://www.securitytracker.com/id/1029476
Mozilla Seamonkey Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
openSUSE-SU-2013:1916-1: moderate: update for MozillaFirefox
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
[SECURITY] Fedora 18 Update: thunderbird-24.2.0-2.fc18
-
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
891693 - (CVE-2013-6629) JPEG info leak
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
[SECURITY] Fedora 19 Update: thunderbird-24.2.0-2.fc19
-
http://www.securitytracker.com/id/1029470
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker
Jump to