CVE-2013-6630
libjpeg: information leak (read of uninitialized memory)
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
La función get_dht en jdmarker.c en libjpeg-turbo hasta la versión 1.3.0, tal y como se usa en Google Chrome anterior a la versión 31.0.1650.48 y otros productos, no establece todos los elementos de un valor cadena Huffman concreto durante la lectura de segmentos que siguen marcadores Define Huffman Table (DHT) JPEG, lo que permite a atacantes remotos obtener información sensible desde localizaciones de memoria sin inicializar a través de una imagen JPEG manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-11-05 CVE Reserved
- 2013-11-12 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-456: Missing Initialization of a Variable
CAPEC
References (35)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2013-0333.html | X_refsource_confirm | |
| http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html | Mailing List | |
| http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git%3Ba=commit%3Bh=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8 | X_refsource_confirm | |
| http://secunia.com/advisories/56175 | Third Party Advisory | |
| http://www.mozilla.org/security/announce/2013/mfsa2013-116.html | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm |
|
| http://www.securitytracker.com/id/1029470 | Vdb Entry | |
| http://www.securitytracker.com/id/1029476 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=891693 | X_refsource_confirm | |
| https://code.google.com/p/chromium/issues/detail?id=299835 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 31.0.1650.47 Search vendor "Google" for product "Chrome" and version " <= 31.0.1650.47" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.0 Search vendor "Google" for product "Chrome" and version "31.0.1650.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.2 Search vendor "Google" for product "Chrome" and version "31.0.1650.2" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.3 Search vendor "Google" for product "Chrome" and version "31.0.1650.3" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.4 Search vendor "Google" for product "Chrome" and version "31.0.1650.4" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.5 Search vendor "Google" for product "Chrome" and version "31.0.1650.5" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.6 Search vendor "Google" for product "Chrome" and version "31.0.1650.6" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.7 Search vendor "Google" for product "Chrome" and version "31.0.1650.7" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.8 Search vendor "Google" for product "Chrome" and version "31.0.1650.8" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.9 Search vendor "Google" for product "Chrome" and version "31.0.1650.9" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.10 Search vendor "Google" for product "Chrome" and version "31.0.1650.10" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.11 Search vendor "Google" for product "Chrome" and version "31.0.1650.11" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.12 Search vendor "Google" for product "Chrome" and version "31.0.1650.12" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.13 Search vendor "Google" for product "Chrome" and version "31.0.1650.13" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.14 Search vendor "Google" for product "Chrome" and version "31.0.1650.14" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.15 Search vendor "Google" for product "Chrome" and version "31.0.1650.15" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.16 Search vendor "Google" for product "Chrome" and version "31.0.1650.16" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.17 Search vendor "Google" for product "Chrome" and version "31.0.1650.17" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.18 Search vendor "Google" for product "Chrome" and version "31.0.1650.18" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.19 Search vendor "Google" for product "Chrome" and version "31.0.1650.19" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.20 Search vendor "Google" for product "Chrome" and version "31.0.1650.20" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.22 Search vendor "Google" for product "Chrome" and version "31.0.1650.22" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.23 Search vendor "Google" for product "Chrome" and version "31.0.1650.23" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.25 Search vendor "Google" for product "Chrome" and version "31.0.1650.25" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.26 Search vendor "Google" for product "Chrome" and version "31.0.1650.26" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.27 Search vendor "Google" for product "Chrome" and version "31.0.1650.27" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.28 Search vendor "Google" for product "Chrome" and version "31.0.1650.28" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.29 Search vendor "Google" for product "Chrome" and version "31.0.1650.29" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.30 Search vendor "Google" for product "Chrome" and version "31.0.1650.30" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.31 Search vendor "Google" for product "Chrome" and version "31.0.1650.31" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.32 Search vendor "Google" for product "Chrome" and version "31.0.1650.32" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.33 Search vendor "Google" for product "Chrome" and version "31.0.1650.33" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.34 Search vendor "Google" for product "Chrome" and version "31.0.1650.34" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.35 Search vendor "Google" for product "Chrome" and version "31.0.1650.35" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.36 Search vendor "Google" for product "Chrome" and version "31.0.1650.36" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.37 Search vendor "Google" for product "Chrome" and version "31.0.1650.37" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.38 Search vendor "Google" for product "Chrome" and version "31.0.1650.38" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.39 Search vendor "Google" for product "Chrome" and version "31.0.1650.39" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.41 Search vendor "Google" for product "Chrome" and version "31.0.1650.41" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.42 Search vendor "Google" for product "Chrome" and version "31.0.1650.42" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.43 Search vendor "Google" for product "Chrome" and version "31.0.1650.43" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.44 Search vendor "Google" for product "Chrome" and version "31.0.1650.44" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.45 Search vendor "Google" for product "Chrome" and version "31.0.1650.45" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 31.0.1650.46 Search vendor "Google" for product "Chrome" and version "31.0.1650.46" | - |
Affected
| ||||||