PT-2013-1156 · Libjpeg Turbo+5 · Libjpeg-Turbo+5

Lcamtuf

Publicado

2013-11-12

Atualizado

2024-06-15

CVE-2013-6630

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions libjpeg-turbo versions 1.2.1 through 1.3.0

Description The issue is related to the get dht function in jdmarker.c, which does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers. This allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. The vulnerability can be exploited remotely and may lead to a violation of confidentiality of protected information.

Recommendations For libjpeg-turbo versions 1.2.1 through 1.3.0, update to a version later than 1.3.0 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-189

Identificadores relacionados

ALT-PU-2013-1119

ALT-PU-2013-1324

BDU:2015-06136

BDU:2015-06137

BDU:2015-06138

BDU:2015-06139

BDU:2015-09079

BDU:2015-09080

BDU:2015-09081

BDU:2015-09082

CESA-2013_1803

CVE-2013-6630

DSA-2799-1

MGASA-2013-0324

MGASA-2013-0333

OPENSUSE-SU-2013_1776-1

OPENSUSE-SU-2013_1777-1

OPENSUSE-SU-2013_1861-1

OPENSUSE-SU-2013_1871-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:10218-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:12948-1

RHSA-2013:1803

RHSA-2013_1803

Produtos afetados

Alt Linux

Centos

Google Chrome

Red Hat

Suse

Libjpeg-Turbo

PT-2013-1156 · Libjpeg Turbo+5 · Libjpeg-Turbo+5

CVE-2013-6630

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4370