CVE-2013-6630

Publication date 18 November 2013

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 13.10 saucy
Fixed 26.0+build2-0ubuntu0.13.10.2
13.04 raring
Fixed 26.0+build2-0ubuntu0.13.04.2
12.10 quantal
Fixed 26.0+build2-0ubuntu0.12.10.2
12.04 LTS precise
Fixed 26.0+build2-0ubuntu0.12.04.2
10.04 LTS lucid Ignored end of life
libjpeg6b 13.10 saucy
Fixed 6b1-3ubuntu1.13.10.1
13.04 raring
Fixed 6b1-3ubuntu1.13.04.1
12.10 quantal
Fixed 6b1-2ubuntu2.1
12.04 LTS precise
Fixed 6b1-2ubuntu1.1
10.04 LTS lucid
Fixed 6b-15ubuntu1.1
libjpeg-turbo 13.10 saucy
Fixed 1.3.0-0ubuntu1.1
13.04 raring
Fixed 1.2.1-0ubuntu2.13.04.1
12.10 quantal
Fixed 1.2.1-0ubuntu2.12.10.1
12.04 LTS precise
Fixed 1.1.90+svn733-0ubuntu4.3
10.04 LTS lucid Not in release
thunderbird 13.10 saucy
Fixed 1:24.2.0+build1-0ubuntu0.13.10.1
13.04 raring
Fixed 1:24.2.0+build1-0ubuntu0.13.04.1
12.10 quantal
Fixed 1:24.2.0+build1-0ubuntu0.12.10.1
12.04 LTS precise
Fixed 1:24.2.0+build1-0ubuntu0.12.04.1
10.04 LTS lucid Ignored end of life

Notes

seth-arnold

The fix is to initialize huffval[].

mdeslaur

Although original report seems to indicate libjpeg6b isn't affected, that particular code is identical.

References

Related Ubuntu Security Notices (USN)

    • USN-2052-1
    • Firefox vulnerabilities
    • 11 December 2013
    • USN-2060-1
    • libjpeg, libjpeg-turbo vulnerabilities
    • 19 December 2013
    • USN-2053-1
    • Thunderbird vulnerabilities
    • 11 December 2013

Other references