what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2013-6630

Status Candidate

Overview

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Related Files

Gentoo Linux Security Advisory 201606-03
Posted Jun 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-3 - Two vulnerabilities have been discovered in libjpeg-turbo, the worse of which could allow remote attackers access to sensitive information. Versions prior to 1.4.2 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6629, CVE-2013-6630
MD5 | 4a4c27de82ff64c5a2f6c3fe33564cc9
Ubuntu Security Notice USN-2060-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2060-1 - Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6629, CVE-2013-6630
MD5 | 829a89d1549a5321f939da2c6c0ac2ba
Ubuntu Security Notice USN-2053-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2053-1 - Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6673
MD5 | d4b0012d6f770c68199d29748fa33e2c
Ubuntu Security Notice USN-2052-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2052-1 - Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5611, CVE-2013-5612, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
MD5 | d1c0d3128f80a9faa4e87b9a394334f4
Red Hat Security Advisory 2013-1803-01
Posted Dec 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1803-01 - The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan JPEG markers or Define Huffman Table JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6629, CVE-2013-6630
MD5 | 39b4f440793431c83bad3438cc08c0e9
Mandriva Linux Security Advisory 2013-274
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-274 - A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2806, CVE-2013-6629, CVE-2013-6630
MD5 | 0ff081495ede7e1e06fec11ea0dfe956
Mandriva Linux Security Advisory 2013-273
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-273 - libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6629, CVE-2013-6630
MD5 | c37a9ba157ef482db44c74c1846c162f
IJG jpeg6b / libjpeg-turbo Uninitialized Memory
Posted Nov 12, 2013
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).

tags | advisory
advisories | CVE-2013-6629, CVE-2013-6630
MD5 | c74e7593702f247838a41cf95581a50f
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close