Executive Summary
Summary | |
---|---|
Title | libjpeg security update |
Information | |||
---|---|---|---|
Name | RHSA-2013:1804 | First vendor Publication | 2013-12-09 |
Vendor | RedHat | Last vendor Modification | 2013-12-09 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629)

All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-1804.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21129 | |||
Oval ID: | oval:org.mitre.oval:def:21129 | ||
Title: | RHSA-2013:1804: libjpeg security update (Moderate) | ||
Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1804-00 CESA-2013:1804 CVE-2013-6629 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libjpeg |
Definition Id: oval:org.mitre.oval:def:21236 | |||
Oval ID: | oval:org.mitre.oval:def:21236 | ||
Title: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-6629 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Id: oval:org.mitre.oval:def:23646 | |||
Oval ID: | oval:org.mitre.oval:def:23646 | ||
Title: | ELSA-2013:1804: libjpeg security update (Moderate) | ||
Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1804-00 CVE-2013-6629 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libjpeg |
Definition Id: oval:org.mitre.oval:def:24712 | |||
Oval ID: | oval:org.mitre.oval:def:24712 | ||
Title: | Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols | ||
Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-6629 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Id: oval:org.mitre.oval:def:26976 | |||
Oval ID: | oval:org.mitre.oval:def:26976 | ||
Title: | DEPRECATED: ELSA-2013-1804 -- libjpeg security update (moderate) | ||
Description: | [6b-38] - Add patch for CVE-2013-6629 - Resolves: #1031952 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1804 CVE-2013-6629 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | libjpeg |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-03-13 | IAVM : 2014-B-0024 - Multiple Security Vulnerabilities in Apple iOS Severity : Category I - VMSKEY : V0046157 |
2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
2013-12-12 | IAVM : 2013-A-0233 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042596 |
2013-11-14 | IAVM : 2013-B-0124 - Multiple Vulnerabilities in Google Chrome Severity : Category I - VMSKEY : V0042301 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-12 | Name : An application installed on the remote macOS or Mac OS X host is affected by ... File : macosx_ms17-04-4019460_mono.nasl - Type : ACT_GATHER_INFO |
2017-04-12 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015550.nasl - Type : ACT_GATHER_INFO |
2017-04-12 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015549.nasl - Type : ACT_GATHER_INFO |
2017-04-12 | Name : The remote Windows host is affected by an information disclosure vulnerability. File : smb_nt_ms17_apr_4015383.nasl - Type : ACT_GATHER_INFO |
2017-04-11 | Name : A web application framework running on the remote host is affected by an info... File : smb_nt_ms17_apr_4017094.nasl - Type : ACT_GATHER_INFO |
2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17-apr_4015551.nasl - Type : ACT_GATHER_INFO |
2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015217.nasl - Type : ACT_GATHER_INFO |
2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015219.nasl - Type : ACT_GATHER_INFO |
2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015221.nasl - Type : ACT_GATHER_INFO |
2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015583.nasl - Type : ACT_GATHER_INFO |
2016-06-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-03.nasl - Type : ACT_GATHER_INFO |
2016-05-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL59503294.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2014-09-17 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-09-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO |
2014-07-28 | Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-993.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1022.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1023.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1024.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-903.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-904.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-961.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-994.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-995.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-2.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-37.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6870.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6859.nasl - Type : ACT_GATHER_INFO |
2014-06-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO |
2014-06-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO |
2014-05-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO |
2014-05-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO |
2014-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO |
2014-03-12 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_6_1.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes a certificate validat... File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO |
2014-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23722.nasl - Type : ACT_GATHER_INFO |
2014-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23291.nasl - Type : ACT_GATHER_INFO |
2013-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23749.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-267.nasl - Type : ACT_GATHER_INFO |
2013-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2060-1.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23519.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-350-02.nasl - Type : ACT_GATHER_INFO |
2013-12-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23295.nasl - Type : ACT_GATHER_INFO |
2013-12-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dd116b1964b311e3868f0025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23127.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2053-1.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2052-1.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131210_libjpeg_turbo_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_26.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131210_libjpeg_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_26.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_223.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-273.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2799.nasl - Type : ACT_GATHER_INFO |
2013-11-14 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO |
2013-11-14 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3bfc70164bcc11e3b0cf00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:57:41 | |
2013-12-10 05:18:07 | |