CVE-2013-6630

Priority
Medium
Description
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used
in Google Chrome before 31.0.1650.48 and other products, does not set all
elements of a certain Huffman value array during the reading of segments
that follow Define Huffman Table (DHT) JPEG markers, which allows remote
attackers to obtain sensitive information from uninitialized memory
locations via a crafted JPEG image.
References
Bugs
Notes
sarnold> The fix is to initialize huffval[].
mdeslaur> Although original report seems to indicate libjpeg6b isn't
mdeslaur> affected, that particular code is identical.
Assigned-to
mdeslaur
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (1.1.90+svn733-0ubuntu4.3)
Ubuntu 12.10 (Quantal Quetzal):released (1.2.1-0ubuntu2.12.10.1)
Ubuntu 13.04 (Raring Ringtail):released (1.2.1-0ubuntu2.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (1.3.0-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.3.0-0ubuntu2)
Patches:
Vendor:http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/libjpeg_turbo/jdmarker.c?r1=228381&r2=228394&pathrev=228394
Vendor:http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8
Package
Upstream:released (6b1-4)
Ubuntu 10.04 LTS (Lucid Lynx):released (6b-15ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (6b1-2ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal):released (6b1-2ubuntu2.1)
Ubuntu 13.04 (Raring Ringtail):released (6b1-3ubuntu1.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (6b1-3ubuntu1.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (6b1-4ubuntu1)
Package
Upstream:released (26.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (26.0+build2-0ubuntu0.12.04.2)
Ubuntu 12.10 (Quantal Quetzal):released (26.0+build2-0ubuntu0.12.10.2)
Ubuntu 13.04 (Raring Ringtail):released (26.0+build2-0ubuntu0.13.04.2)
Ubuntu 13.10 (Saucy Salamander):released (26.0+build2-0ubuntu0.13.10.2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:released (24.2.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.2.0+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (1:24.2.0+build1-0ubuntu0.12.10.1)
Ubuntu 13.04 (Raring Ringtail):released (1:24.2.0+build1-0ubuntu0.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (1:24.2.0+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.2.0+build1-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-19 21:14:32 UTC (commit 7576)