CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	13.10 saucy	Fixed 26.0+build2-0ubuntu0.13.10.2
	13.04 raring	Fixed 26.0+build2-0ubuntu0.13.04.2
	12.10 quantal	Fixed 26.0+build2-0ubuntu0.12.10.2
	12.04 LTS precise	Fixed 26.0+build2-0ubuntu0.12.04.2
	10.04 LTS lucid	Ignored
libjpeg-turbo	13.10 saucy	Fixed 1.3.0-0ubuntu1.1
	13.04 raring	Fixed 1.2.1-0ubuntu2.13.04.1
	12.10 quantal	Fixed 1.2.1-0ubuntu2.12.10.1
	12.04 LTS precise	Fixed 1.1.90+svn733-0ubuntu4.3
	10.04 LTS lucid	Not in release
libjpeg6b	13.10 saucy	Fixed 6b1-3ubuntu1.13.10.1
	13.04 raring	Fixed 6b1-3ubuntu1.13.04.1
	12.10 quantal	Fixed 6b1-2ubuntu2.1
	12.04 LTS precise	Fixed 6b1-2ubuntu1.1
	10.04 LTS lucid	Fixed 6b-15ubuntu1.1
openjdk-7	14.04 LTS trusty	Not in release
	13.10 saucy	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Not in release
thunderbird	13.10 saucy	Fixed 1:24.2.0+build1-0ubuntu0.13.10.1
	13.04 raring	Fixed 1:24.2.0+build1-0ubuntu0.13.04.1
	12.10 quantal	Fixed 1:24.2.0+build1-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 1:24.2.0+build1-0ubuntu0.12.04.1
	10.04 LTS lucid	Ignored

Notes

seth-arnold

Michal suggests libjpeg6b will not be updated from upstream

mdeslaur

upstream bug and proposed patch is ancient. Chromium contains a patch.

jdstrand

openjdk uses system jpeg

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libjpeg-turbo	Other: http://ghostscript.com/pipermail/gs-code-review/2004-June/004579.html Vendor: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228380&pathrev=228381
libjpeg6b	Other: http://ghostscript.com/pipermail/gs-code-review/2004-June/004579.html Vendor: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libjpeg/jdmarker.c?r1=228354&r2=228353&pathrev=228354 Vendor: https://src.chromium.org/viewvc/chrome?revision=229729&view=revision Vendor: http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=2285c50bcd51dd999d80b99b30ce9aef9fb80833

Package

Patch details

libjpeg-turbo

libjpeg6b

References

Related Ubuntu Security Notices (USN)

USN-2052-1
Firefox vulnerabilities
11 December 2013

USN-2060-1
libjpeg, libjpeg-turbo vulnerabilities
19 December 2013

USN-2053-1
Thunderbird vulnerabilities
11 December 2013

Status

Notes

Patch details

References

Related Ubuntu Security Notices (USN)

Other references