CVE-2013-6629

N/A Unknown
Published: November 19, 2013
Modified: November 25, 2025

Description

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

References to Advisories, Solutions, and Tools

http://advisories.mageia.org/MGASA-2013-0333.html
Source: cve@mitre.org
Third Party Advisory
http://bugs.ghostscript.com/show_bug.cgi?id=686980
Source: cve@mitre.org
Issue Tracking Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Source: cve@mitre.org
Issue Tracking Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140852974709252&w=2
Source: cve@mitre.org
Issue Tracking Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1803.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1804.html
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/56175
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/58974
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/59058
Source: cve@mitre.org
Not Applicable
http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT6150
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT6162
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT6163
Source: cve@mitre.org
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2013/dsa-2799
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/63676
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029470
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029476
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2052-1
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-2053-1
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-2060-1
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0413
Source: cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0414
Source: cve@mitre.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=258723
Source: cve@mitre.org
Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/201606-03
Source: cve@mitre.org
Third Party Advisory
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
Source: cve@mitre.org
Patch Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=swg21675973
Source: cve@mitre.org
Third Party Advisory
http://advisories.mageia.org/MGASA-2013-0333.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://bugs.ghostscript.com/show_bug.cgi?id=686980
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Vendor Advisory
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140852974709252&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1803.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1804.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/56175
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/58974
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/59058
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT6150
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT6162
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT6163
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2013/dsa-2799
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/63676
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029470
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029476
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2052-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2053-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2060-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0413
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0414
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=891693
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=258723
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://security.gentoo.org/glsa/201606-03
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=swg21675973
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

104 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 0.2% (44th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

opensuse, canonical, mozilla, debian, libjpeg-turbo, fedoraproject, oracle, google, artifex