CVE-2013-6630
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Related bugs and status
CVE-2013-6630 (Candidate) is related to these bugs:
Bug #469752: firefox,3.5/3.6 startup-notification bug
Bug # | Summary | In | Importance | Status
---|---|---|---|---
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu) | Medium | Invalid
469752 | firefox,3.5/3.6 startup-notification bug | Mozilla Firefox | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Suse) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu Lucid) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu Lucid) | Medium | Invalid
Bug #1011177: Please merge libjpeg6b 6b1-4 from Debian Unstable
Bug # | Summary | In | Importance | Status
---|---|---|---|---
1011177 | Please merge libjpeg6b 6b1-4 from Debian Unstable | libjpeg6b (Ubuntu) | Wishlist | Fix Released
Bug #1249389: linker complains of PIC instruction on object file not compiled as PIC
Bug # | Summary | In | Importance | Status
---|---|---|---|---
1249389 | linker complains of PIC instruction on object file not compiled as PIC | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1250579: Security fixes from 31.0.1650.48
Bug # | Summary | In | Importance | Status
---|---|---|---|---
1250579 | Security fixes from 31.0.1650.48 | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1251454: chromium-browser fails to depend on a compatible version of libnss3
Bug # | Summary | In | Importance | Status
---|---|---|---|---
1251454 | chromium-browser fails to depend on a compatible version of libnss3 | chromium-browser (Ubuntu) | Undecided | Fix Released
Bug #1252912: CVE-2013-6629, CVE-2013-6630
Bug # | Summary | In | Importance | Status
---|---|---|---|---
1252912 | CVE-2013-6629, CVE-2013-6630 | libjpeg-turbo (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.