SB2013121730 - Amazon Linux AMI update for libjpeg-turbo

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2013121730

SB2013121730 - Amazon Linux AMI update for libjpeg-turbo

Published: December 17, 2013

Security Bulletin ID SB2013121730
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2013-6629)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in get_sos() function in jdmarker.c file within the libjpeg and libjpeg-turbo libraries when processing JPEG files. A remote attacker can create a specially crafeted JPEG file and read parts of unallocated memory on the system.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.


2) Input validation error (CVE-ID: CVE-2013-6630)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.


Remediation

Install update from vendor's website.

References