JVN/CVE Demo: Nvdinfos

NVD

Id: 41557
Name: CVE-2013-6629
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Reject
CVSS Version: 2
CVSS Score: 5
Severity: Medium
CVSS Base Score: 5
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 10
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Pub Date: 2017-01-18
Published: 2013-11-18
Modified Date: 2016-12-07
Seq: 2013-6629

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
210094	41557	CVE-2013-6629	http://advisories.mageia.org/MGASA-2013-0333.html	View
210095	41557	CVE-2013-6629	20131112 bugs in IJG jpeg6b & libjpeg-turbo	View
210096	41557	CVE-2013-6629	http://bugs.ghostscript.com/show_bug.cgi?id=686980	View
210097	41557	CVE-2013-6629	http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html	View
210098	41557	CVE-2013-6629	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	View
210099	41557	CVE-2013-6629	FEDORA-2013-23127	View
210100	41557	CVE-2013-6629	FEDORA-2013-23295	View
210101	41557	CVE-2013-6629	FEDORA-2013-23519	View
210102	41557	CVE-2013-6629	FEDORA-2013-23291	View
210103	41557	CVE-2013-6629	openSUSE-SU-2013:1776	View
210104	41557	CVE-2013-6629	openSUSE-SU-2013:1777	View
210105	41557	CVE-2013-6629	openSUSE-SU-2013:1861	View
210106	41557	CVE-2013-6629	openSUSE-SU-2013:1916	View
210107	41557	CVE-2013-6629	openSUSE-SU-2013:1917	View
210108	41557	CVE-2013-6629	openSUSE-SU-2013:1918	View
210109	41557	CVE-2013-6629	openSUSE-SU-2013:1957	View
210110	41557	CVE-2013-6629	openSUSE-SU-2013:1958	View
210111	41557	CVE-2013-6629	openSUSE-SU-2013:1959	View
210112	41557	CVE-2013-6629	openSUSE-SU-2014:0008	View
210113	41557	CVE-2013-6629	openSUSE-SU-2014:0065	View
210114	41557	CVE-2013-6629	SSRT101667	View
210115	41557	CVE-2013-6629	SSRT101668	View
210116	41557	CVE-2013-6629	RHSA-2013:1803	View
210117	41557	CVE-2013-6629	RHSA-2013:1804	View
210118	41557	CVE-2013-6629	GLSA-201406-32	View
210119	41557	CVE-2013-6629	http://support.apple.com/kb/HT6150	View
210120	41557	CVE-2013-6629	http://support.apple.com/kb/HT6162	View
210121	41557	CVE-2013-6629	http://support.apple.com/kb/HT6163	View
210122	41557	CVE-2013-6629	http://www-01.ibm.com/support/docview.wss?uid=swg21672080	View
210123	41557	CVE-2013-6629	http://www-01.ibm.com/support/docview.wss?uid=swg21676746	View
210124	41557	CVE-2013-6629	DSA-2799	View
210125	41557	CVE-2013-6629	MDVSA-2013:273	View
210126	41557	CVE-2013-6629	http://www.mozilla.org/security/announce/2013/mfsa2013-116.html	View
210127	41557	CVE-2013-6629	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	View
210128	41557	CVE-2013-6629	http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	View
210129	41557	CVE-2013-6629	1029470	View
210130	41557	CVE-2013-6629	1029476	View
210131	41557	CVE-2013-6629	USN-2052-1	View
210132	41557	CVE-2013-6629	USN-2053-1	View
210133	41557	CVE-2013-6629	USN-2060-1	View
210134	41557	CVE-2013-6629	https://bugzilla.mozilla.org/show_bug.cgi?id=891693	View
210135	41557	CVE-2013-6629	https://code.google.com/p/chromium/issues/detail?id=258723	View
210136	41557	CVE-2013-6629	GLSA-201606-03	View
210137	41557	CVE-2013-6629	https://src.chromium.org/viewvc/chrome?revision=229729&view=revision	View
210138	41557	CVE-2013-6629	https://www.ibm.com/support/docview.wss?uid=swg21675973	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
23600	JVNDB-2013-005175	Google Chrome および Ghostscript などで使用される libjpeg 6b および libjpeg-turbo における重要な情報を取得される脆弱性	Google Chrome、Ghostscript およびその他の製品で使用される (1) libjpeg 6b および (2) libjpeg-turbo の jdmarker.c 内の get_sos 関数は、Start Of Scan (SOS) JPEG マーカーに従うセグメントの読み取り中にコンポーネントデータの特定の重複をチェックしないため、初期化されていないメモリ領域から重要な情報を取得される脆弱性が存在します。	CVE-2013-6629	66571	CVE-2013-6629	41557	5		http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005175.html	2013-11-12	2015-03-16	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.35 MB
View render complete	32.33 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.58
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	271.04
Event: Controller.beforeRender	4.96
» Processing toolbar data	4.88
Rendering View	1221.17
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	1180.36
» Event: View.afterRender	0.04
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	25.53
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	7.46
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/41557
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/41557
Remote Port	44073
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.2
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.2.205.238
Http Via	1.1 squid-proxy-5b5d847c96-7xxml (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=65jfd7g32e7lcdqbd9bneio2h5
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.2
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.2
Unique Id	aEd1P2x5ARTDHGphNdomwAAAAX0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.2
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.2
Redirect Unique Id	aEd1P2x5ARTDHGphNdomwAAAAX0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.2
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.2
Redirect Redirect Unique Id	aEd1P2x5ARTDHGphNdomwAAAAX0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1749513535.9354
Request Time	1749513535

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files