PT-2013-1156 · Libjpeg Turbo+5 · Libjpeg-Turbo+5

Lcamtuf

Published

2013-11-12

Updated

2024-06-15

CVE-2013-6630

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions libjpeg-turbo versions 1.2.1 through 1.3.0

Description The issue is related to the get dht function in jdmarker.c, which does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers. This allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. The vulnerability can be exploited remotely and may lead to a violation of confidentiality of protected information.

Recommendations For libjpeg-turbo versions 1.2.1 through 1.3.0, update to a version later than 1.3.0 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-189

Related Identifiers

ALT-PU-2013-1119

ALT-PU-2013-1324

BDU:2015-06136

BDU:2015-06137

BDU:2015-06138

BDU:2015-06139

BDU:2015-09079

BDU:2015-09080

BDU:2015-09081

BDU:2015-09082

CESA-2013_1803

CVE-2013-6630

DSA-2799-1

MGASA-2013-0324

MGASA-2013-0333

OPENSUSE-SU-2013_1776-1

OPENSUSE-SU-2013_1777-1

OPENSUSE-SU-2013_1861-1

OPENSUSE-SU-2013_1871-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:10218-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:12948-1

RHSA-2013:1803

RHSA-2013_1803

Affected Products

Alt Linux

Centos

Google Chrome

Red Hat

Suse

Libjpeg-Turbo

PT-2013-1156 · Libjpeg Turbo+5 · Libjpeg-Turbo+5

CVE-2013-6630

Weakness Enumeration

Related Identifiers

Affected Products

References · 4370