Home

CVE-2013-6630

Description

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Risk Information

Base Score
6.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.83

Associated Vulnerability

VulnerabilityOS Platform
Updates for Google Chrome (66.0.3359.170)Windows
Updates for Google Chrome (x64) (66.0.3359.170)Windows
Updates for Google Chrome (66.0.3359.181)Windows
Updates for Google Chrome (x64) (66.0.3359.181)Windows
Updates for Google Chrome (67.0.3396.62)Windows
Updates for Google Chrome (x64) (67.0.3396.62)Windows
Updates for Google Chrome (67.0.3396.79)Windows
Updates for Google Chrome (x64) (67.0.3396.79)Windows
Updates for Google Chrome (67.0.3396.87)Windows
Updates for Google Chrome (x64) (67.0.3396.87)Windows
Google Chrome (67.0.3396.99)Windows
Google Chrome (x64) (67.0.3396.99)Windows
Multiple vulnerabilities fixed in Chrome (x64) 31.0.1650.48Windows
Multiple vulnerabilities fixed in Chrome 31.0.1650.48Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (126.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (126.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 24.2Mac
Multiple vulnerabilities are fixed in Google Chrome for Mac 31.0.1650.48Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 24.2Mac
library for handling JPEG files (USN-2060-1) libjpeg62_6b1-2ubuntu1.1_i386.debLinux
library for handling JPEG files (USN-2060-1) libjpeg62_6b1-2ubuntu1.1_amd64.debLinux
library for handling JPEG files (USN-2060-1) libturbojpeg_1.1.90+svn733-0ubuntu4.3_i386.debLinux
library for handling JPEG files (USN-2060-1) libturbojpeg_1.1.90+svn733-0ubuntu4.3_amd64.debLinux
library for handling JPEG files (USN-2060-1) libjpeg-turbo8_1.1.90+svn733-0ubuntu4.3_i386.debLinux
library for handling JPEG files (USN-2060-1) libjpeg-turbo8_1.1.90+svn733-0ubuntu4.3_amd64.debLinux
Libjpeg-turbo update (CESA-2013:1803) libjpeg-turbo-1.2.1-3.el6_5.i686.rpmLinux
Libjpeg-turbo update (CESA-2013:1803) libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpmLinux
Libjpeg-turbo update (CESA-2013:1803) libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpmLinux
Libjpeg-turbo update (CESA-2013:1803) libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpmLinux
Libjpeg-turbo update (CESA-2013:1803) libjpeg-turbo-static-1.2.1-3.el6_5.i686.rpmLinux
Libjpeg-turbo update (CESA-2013:1803) libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpmLinux
(RHSA-2013:1803) Moderate: libjpeg-turbo security update libjpeg-turbo-1.2.1-3.el6_5.i686.rpmLinux
(RHSA-2013:1803) Moderate: libjpeg-turbo security update libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpmLinux
(RHSA-2013:1803) Moderate: libjpeg-turbo security update libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpmLinux
(RHSA-2013:1803) Moderate: libjpeg-turbo security update libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpmLinux
(RHSA-2013:1803) Moderate: libjpeg-turbo security update libjpeg-turbo-static-1.2.1-3.el6_5.i686.rpmLinux
(RHSA-2013:1803) Moderate: libjpeg-turbo security update libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpmLinux
Libjpeg-turbo update (ELSA-2013-1803) libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpmLinux
Libjpeg-turbo-devel update (ELSA-2013-1803) libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpmLinux
Libjpeg-turbo-static update (ELSA-2013-1803) libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpmLinux
Libjpeg-turbo update (ELSA-2013-1803) libjpeg-turbo-1.2.1-3.el6_5.i686.rpmLinux
Libjpeg-turbo-devel update (ELSA-2013-1803) libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpmLinux
Libjpeg-turbo-static update (ELSA-2013-1803) libjpeg-turbo-static-1.2.1-3.el6_5.i686.rpmLinux
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)Linux
Google Chrome (67.0.3396.99) (For Debian)Linux
Multiple vulnerabilities fixed in Chrome 31.0.1650.48 (For Debian)Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)Linux
Google Chrome (67.0.3396.99) (For Centos)Linux
Multiple vulnerabilities fixed in Chrome 31.0.1650.48 (For Centos)Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)Linux
Google Chrome (67.0.3396.99) (For RedHat)Linux
Multiple vulnerabilities fixed in Chrome 31.0.1650.48 (For RedHat)Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)Linux
Google Chrome (67.0.3396.99) (For Suse)Linux
Multiple vulnerabilities fixed in Chrome 31.0.1650.48 (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)Linux
Google Chrome (67.0.3396.99) (For Ubuntu)Linux
Multiple vulnerabilities fixed in Chrome 31.0.1650.48 (For Ubuntu)Linux
CVE-2013-6630NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307513Updates for Google Chrome (66.0.3359.170)
PATCH-307515Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534Updates for Google Chrome (66.0.3359.181)
PATCH-307535Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607Updates for Google Chrome (67.0.3396.62)
PATCH-307608Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641Updates for Google Chrome (67.0.3396.79)
PATCH-307644Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660Updates for Google Chrome (67.0.3396.87)
PATCH-307662Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715Google Chrome (67.0.3396.99)
PATCH-307716Google Chrome (x64) (67.0.3396.99)
PATCH-313162Google Chrome (x64) (80.0.3987.132)
PATCH-313161Google Chrome (80.0.3987.132)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611995Google Chrome for Mac (140.0.7339.132 , 140.0.7339.133)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234