exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2013-6630

Status Candidate

Overview

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Related Files

Gentoo Linux Security Advisory 201606-03
Posted Jun 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-3 - Two vulnerabilities have been discovered in libjpeg-turbo, the worse of which could allow remote attackers access to sensitive information. Versions prior to 1.4.2 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | 3cfb7ea243a05a648dea862fda0a8f0a5b163f83e82414c758b2fcfab197f918
Ubuntu Security Notice USN-2060-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2060-1 - Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | ada724d80f6116cda0c73d2efd4024177e4c219c100094a3b9792cfeff4db895
Ubuntu Security Notice USN-2053-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2053-1 - Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6673
SHA-256 | 5159e7e7049d07c70b2c77d71de23572e9d141a50325c9e5342c445e96450dd1
Ubuntu Security Notice USN-2052-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2052-1 - Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5611, CVE-2013-5612, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
SHA-256 | f5392ed2aec4c1a38337707139196b135dfb0210fd9d2c93db8ff4b5a38a983e
Red Hat Security Advisory 2013-1803-01
Posted Dec 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1803-01 - The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan JPEG markers or Define Huffman Table JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | 764f2d1a0341a239da957f3ea164643680617a5f4bc005d7ab678c7618a811d7
Mandriva Linux Security Advisory 2013-274
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-274 - A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2806, CVE-2013-6629, CVE-2013-6630
SHA-256 | a699eb9668adc83d9e220126707f88b19e9c60554afb68016efe762bd8825c95
Mandriva Linux Security Advisory 2013-273
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-273 - libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | 5ab93357e99a13fa424ef091ade9a5dad87aacf8255791e14c00578bc7cd0c4e
IJG jpeg6b / libjpeg-turbo Uninitialized Memory
Posted Nov 12, 2013
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).

tags | advisory
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | 75281af87c2ac01e67120a1b37a4356f62199b948183ba8069556c239c29df05
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close