Description
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References (52)
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/63676
Third Party Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=swg21675973
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2014:0414
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1804.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2014:0413
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59058
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1803.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=140852974709252&w=2
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6163
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56175
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58974
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029470
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
Third Party Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6150
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Patch, Third Party Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029476
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
Patch, Third Party Advisory x_refsource_confirm
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-03
Broken Link x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6162
Issue Tracking, Third Party Advisory x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=258723
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2052-1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2799
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2013-0333.html
Issue Tracking, Vendor Advisory x_refsource_confirm
http://bugs.ghostscript.com/show_bug.cgi?id=686980
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2060-1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2053-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
Scores
EPSS: 0.0032
EPSS Percentile: 55.6%
Details
CWE: CWE-200
Status: published
Products (20)
artifex/gpl_ghostscript < 9.03
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
canonical/ubuntu_linux 13.10
debian/debian_linux 7.0
debian/debian_linux 8.0
fedoraproject/fedora 18
fedoraproject/fedora 19
... and 10 more
Published: Nov 19, 2013
Tracked Since: Feb 18, 2026