CVE 2013-6629
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Related bugs and status
CVE-2013-6629 (Candidate) is related to these bugs:
Bug #469752: firefox,3.5/3.6 startup-notification bug
Bug | Summary | In | Importance | Status
---|---|---|---|---
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu) | Medium | Invalid
469752 | firefox,3.5/3.6 startup-notification bug | Mozilla Firefox | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Suse) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu Lucid) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu Lucid) | Medium | Invalid
Bug #1011177: Please merge libjpeg6b 6b1-4 from Debian Unstable
Bug | Summary | In | Importance | Status
---|---|---|---|---
1011177 | Please merge libjpeg6b 6b1-4 from Debian Unstable | libjpeg6b (Ubuntu) | Wishlist | Fix Released
Bug #1249389: linker complains of PIC instruction on object file not compiled as PIC
Bug | Summary | In | Importance | Status
---|---|---|---|---
1249389 | linker complains of PIC instruction on object file not compiled as PIC | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1250579: Security fixes from 31.0.1650.48
Bug | Summary | In | Importance | Status
---|---|---|---|---
1250579 | Security fixes from 31.0.1650.48 | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1251454: chromium-browser fails to depend on a compatible version of libnss3
Bug | Summary | In | Importance | Status
---|---|---|---|---
1251454 | chromium-browser fails to depend on a compatible version of libnss3 | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1252912: CVE-2013-6629, CVE-2013-6630
Bug | Summary | In | Importance | Status
---|---|---|---|---
1252912 | CVE-2013-6629, CVE-2013-6630 | libjpeg-turbo (Ubuntu) | Undecided | Fix Released
Bug #1283828: "Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4
See the CVE page on Mitre.org for more details.