CVE-2013-6629 Information

Description

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0 as used in Google Chrome before 31.0.1650.48 Ghostscript and other products does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Reference

http://advisories.mageia.org/MGASA-2013-0333.html http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html http://bugs.ghostscript.com/show_bug.cgi?id=686980 http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2013-1803.html http://rhn.redhat.com/errata/RHSA-2013-1804.html http://secunia.com/advisories/56175 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 http://www.debian.org/security/2013/dsa-2799 http://www.mandriva.com/security/advisories?name=MDVSA-2013:273 http://www.mozilla.org/security/announce/2013/mfsa2013-116.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/63676 http://www.securitytracker.com/id/1029470 http://www.securitytracker.com/id/1029476 http://www.ubuntu.com/usn/USN-2052-1 http://www.ubuntu.com/usn/USN-2053-1 http://www.ubuntu.com/usn/USN-2060-1 http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support/docview.wss?uid=swg21676746 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/errata/RHSA-2014:0414 https://bugzilla.mozilla.org/show_bug.cgi?id=891693 https://code.google.com/p/chromium/issues/detail?id=258723 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629 https://security.gentoo.org/glsa/201606-03 https://src.chromium.org/viewvc/chrome?revision=229729&view=revision https://www.ibm.com/support/docview.wss?uid=swg21675973