Red Hat Customer Portal

Skip to main content

CVE-2013-6630

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Details Source

Mitre

Public Date

2013-11-12 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-6630 libjpeg: information leak (read of uninitialized memory)

Bugzilla ID

1 031 749

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:P/I:N/A:N

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (libjpeg-turbo) RHSA-2013:1803 2013-12-09

CWE

CWE-456

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 libjpeg-turbo Not affected
Red Hat Enterprise Linux 5 libjpeg Not affected