Main Vulnerability Database Vulnerabilities #VU1644

#VU1644 Information disclosure - CVE-2013-6629

Published: December 21, 2016 / Updated: April 12, 2017

Vulnerability identifier: #VU1644

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-6629

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in get_sos() function in jdmarker.c file within the libjpeg and libjpeg-turbo libraries when processing JPEG files. A remote attacker can create a specially crafeted JPEG file and read parts of unallocated memory on the system.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

External links

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

#VU1644 Information disclosure - CVE-2013-6629

Description

Remediation

External links

Please verify you're human