JVN/CVE Demo: Cveinfos

CVE

Id: 66576
CVE No.: CVE-2013-6629
Status: Candidate
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Phase: Assigned (20131105)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
645794	66576	CVE-2013-6629	FULLDISC:20131112 bugs in IJG jpeg6b & libjpeg-turbo	View
645795	66576	CVE-2013-6629	URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html	View
645796	66576	CVE-2013-6629	CONFIRM:http://bugs.ghostscript.com/show_bug.cgi?id=686980	View
645797	66576	CVE-2013-6629	CONFIRM:http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html	View
645798	66576	CVE-2013-6629	CONFIRM:https://code.google.com/p/chromium/issues/detail?id=258723	View
645799	66576	CVE-2013-6629	CONFIRM:https://src.chromium.org/viewvc/chrome?revision=229729&view=revision	View
645800	66576	CVE-2013-6629	CONFIRM:http://www.mozilla.org/security/announce/2013/mfsa2013-116.html	View
645801	66576	CVE-2013-6629	CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=891693	View
645802	66576	CVE-2013-6629	CONFIRM:http://advisories.mageia.org/MGASA-2013-0333.html	View
645803	66576	CVE-2013-6629	CONFIRM:http://support.apple.com/kb/HT6150	View
645804	66576	CVE-2013-6629	CONFIRM:http://support.apple.com/kb/HT6162	View
645805	66576	CVE-2013-6629	CONFIRM:http://support.apple.com/kb/HT6163	View
645806	66576	CVE-2013-6629	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	View
645807	66576	CVE-2013-6629	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21672080	View
645808	66576	CVE-2013-6629	CONFIRM:https://www.ibm.com/support/docview.wss?uid=swg21675973	View
645809	66576	CVE-2013-6629	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676746	View
645810	66576	CVE-2013-6629	CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	View
645811	66576	CVE-2013-6629	CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	View
645812	66576	CVE-2013-6629	CONFIRM:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629	View
645813	66576	CVE-2013-6629	DEBIAN:DSA-2799	View
645814	66576	CVE-2013-6629	URL:http://www.debian.org/security/2013/dsa-2799	View
645815	66576	CVE-2013-6629	FEDORA:FEDORA-2013-23127	View
645816	66576	CVE-2013-6629	URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html	View
645817	66576	CVE-2013-6629	FEDORA:FEDORA-2013-23291	View
645818	66576	CVE-2013-6629	URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html	View
645819	66576	CVE-2013-6629	FEDORA:FEDORA-2013-23295	View
645820	66576	CVE-2013-6629	URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html	View
645821	66576	CVE-2013-6629	FEDORA:FEDORA-2013-23519	View
645822	66576	CVE-2013-6629	URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html	View
645823	66576	CVE-2013-6629	GENTOO:GLSA-201406-32	View
645824	66576	CVE-2013-6629	URL:http://security.gentoo.org/glsa/glsa-201406-32.xml	View
645825	66576	CVE-2013-6629	GENTOO:GLSA-201606-03	View
645826	66576	CVE-2013-6629	URL:https://security.gentoo.org/glsa/201606-03	View
645827	66576	CVE-2013-6629	HP:HPSBUX03091	View
645828	66576	CVE-2013-6629	URL:http://marc.info/?l=bugtraq&m=140852886808946&w=2	View
645829	66576	CVE-2013-6629	HP:HPSBUX03092	View
645830	66576	CVE-2013-6629	URL:http://marc.info/?l=bugtraq&m=140852974709252&w=2	View
645831	66576	CVE-2013-6629	HP:SSRT101667	View
645832	66576	CVE-2013-6629	URL:http://marc.info/?l=bugtraq&m=140852886808946&w=2	View
645833	66576	CVE-2013-6629	HP:SSRT101668	View
645834	66576	CVE-2013-6629	URL:http://marc.info/?l=bugtraq&m=140852974709252&w=2	View
645835	66576	CVE-2013-6629	MANDRIVA:MDVSA-2013:273	View
645836	66576	CVE-2013-6629	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:273	View
645837	66576	CVE-2013-6629	REDHAT:RHSA-2013:1803	View
645838	66576	CVE-2013-6629	URL:http://rhn.redhat.com/errata/RHSA-2013-1803.html	View
645839	66576	CVE-2013-6629	REDHAT:RHSA-2013:1804	View
645840	66576	CVE-2013-6629	URL:http://rhn.redhat.com/errata/RHSA-2013-1804.html	View
645841	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1776	View
645842	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html	View
645843	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1777	View
645844	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html	View
645845	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1861	View
645846	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html	View
645847	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1957	View
645848	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html	View
645849	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1958	View
645850	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html	View
645851	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1959	View
645852	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html	View
645853	66576	CVE-2013-6629	SUSE:openSUSE-SU-2014:0008	View
645854	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html	View
645855	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1916	View
645856	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html	View
645857	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1917	View
645858	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html	View
645859	66576	CVE-2013-6629	SUSE:openSUSE-SU-2013:1918	View
645860	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html	View
645861	66576	CVE-2013-6629	SUSE:openSUSE-SU-2014:0065	View
645862	66576	CVE-2013-6629	URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html	View
645863	66576	CVE-2013-6629	UBUNTU:USN-2052-1	View
645864	66576	CVE-2013-6629	URL:http://www.ubuntu.com/usn/USN-2052-1	View
645865	66576	CVE-2013-6629	UBUNTU:USN-2053-1	View
645866	66576	CVE-2013-6629	URL:http://www.ubuntu.com/usn/USN-2053-1	View
645867	66576	CVE-2013-6629	UBUNTU:USN-2060-1	View
645868	66576	CVE-2013-6629	URL:http://www.ubuntu.com/usn/USN-2060-1	View
645869	66576	CVE-2013-6629	BID:63676	View
645870	66576	CVE-2013-6629	URL:http://www.securityfocus.com/bid/63676	View
645871	66576	CVE-2013-6629	SECTRACK:1029470	View
645872	66576	CVE-2013-6629	URL:http://www.securitytracker.com/id/1029470	View
645873	66576	CVE-2013-6629	SECTRACK:1029476	View
645874	66576	CVE-2013-6629	URL:http://www.securitytracker.com/id/1029476	View
645875	66576	CVE-2013-6629	SECUNIA:56175	View
645876	66576	CVE-2013-6629	URL:http://secunia.com/advisories/56175	View
645877	66576	CVE-2013-6629	SECUNIA:58974	View
645878	66576	CVE-2013-6629	URL:http://secunia.com/advisories/58974	View
645879	66576	CVE-2013-6629	SECUNIA:59058	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
23798	JVNDB-2013-005373	Google Chrome の browser/ui/sync/one_click_signin_helper.cc におけるセッション固定攻撃を実行される脆弱性	Google Chrome の browser/ui/sync/one_click_signin_helper.cc の OneClickSigninHelper::ShowInfoBarIfPossible 関数は、レルム検証中に誤った URL を使用するため、セッション固定攻撃を実行され、Web セッションをハイジャックされる脆弱性が存在します。	CVE-2013-6634	66576	6.8		http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005373.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.40 MB
View render complete	2.95 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.92
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	410.58
Event: Controller.beforeRender	5.05
» Processing toolbar data	4.95
Rendering View	24.13
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	23.13
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.55
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/66576
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/66576
Remote Port	18593
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.173
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.25.50
Http Via	1.1 squid-proxy-5b5d847c96-mtcd4 (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.173
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.173
Unique Id	aMPK6RAldYGBHIufB8FYcwAAAPE
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.173
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.173
Redirect Unique Id	aMPK6RAldYGBHIufB8FYcwAAAPE
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.173
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.173
Redirect Redirect Unique Id	aMPK6RAldYGBHIufB8FYcwAAAPE
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1757661929.0378
Request Time	1757661929

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files