CVE-2013-6630 (retired)

Priority
Description
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used
in Google Chrome before 31.0.1650.48 and other products, does not set all
elements of a certain Huffman value array during the reading of segments
that follow Define Huffman Table (DHT) JPEG markers, which allows remote
attackers to obtain sensitive information from uninitialized memory
locations via a crafted JPEG image.
Notes
 sarnold> The fix is to initialize huffval[].
 mdeslaur> Although original report seems to indicate libjpeg6b isn't
 mdeslaur> affected, that particular code is identical.
Assigned-to
mdeslaur
Package
Upstream:released (26.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:released (6b1-4)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (6b1-4ubuntu1)
Package
Priority: Low
Upstream:released (24.2.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.2.0+build1-0ubuntu1)
More Information

Updated: 2019-03-26 12:11:15 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)