Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30029
HistoryNov 26, 2013 - 12:00 a.m.

[ MDVSA-2013:274 ] libjpeg

2013-11-2600:00:00
vulners.com
26
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2013:274
http://www.mandriva.com/en/support/security/

Package : libjpeg
Date : November 21, 2013
Affected: Enterprise Server 5.0

Problem Description:

Updated libjpeg packages fix security vulnerabilities:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component
count was erroneously set to a large value. An attacker could create
a specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).

libjpeg 6b and libjpeg-turbo will use uninitialized memory when
decoding images with missing SOS data for the luminance component
(Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629).

libjpeg-turbo will use uninitialized memory when handling Huffman
tables (CVE-2013-6630).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:044/
http://advisories.mageia.org/MGASA-2013-0333.html

Updated Packages:

Mandriva Enterprise Server 5:
79d040dfdb170231f3c90e649c6726a8 mes5/i586/jpeg-progs-6b-43.1mdvmes5.2.i586.rpm
9fdefbd8518fecfd42c2a795abd7d5e4 mes5/i586/libjpeg62-6b-43.1mdvmes5.2.i586.rpm
9044749a76bc17e3a21d8bff786017a3 mes5/i586/libjpeg62-devel-6b-43.1mdvmes5.2.i586.rpm
35373c288fdc90904e610d723aef96a8 mes5/i586/libjpeg62-static-devel-6b-43.1mdvmes5.2.i586.rpm
0b9c6863a436a7dd8c162ea291ecfa79 mes5/SRPMS/libjpeg-6b-43.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
1503af16a0b1f50ada9c289480e6aba4 mes5/x86_64/jpeg-progs-6b-43.1mdvmes5.2.x86_64.rpm
d7dc5dc5e2e7d5b451cbe752040e1043 mes5/x86_64/lib64jpeg62-6b-43.1mdvmes5.2.x86_64.rpm
db64b158f6f1a46f019238995d4a27cb mes5/x86_64/lib64jpeg62-devel-6b-43.1mdvmes5.2.x86_64.rpm
b70b2089d2b46ca51df1a17b1331083c mes5/x86_64/lib64jpeg62-static-devel-6b-43.1mdvmes5.2.x86_64.rpm
0b9c6863a436a7dd8c162ea291ecfa79 mes5/SRPMS/libjpeg-6b-43.1mdvmes5.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSjc59mqjQ0CJFipgRAsb5AJ9jS+6jBX2jVP+yu7yB5WUrHMG6LwCg500u
nXCFA6ay+oZjHVhnLR3GeUQ=
=BGGO
-----END PGP SIGNATURE-----

Related

securityvulns 7
nessus 67
redhat 4
ubuntu 3
amazon 1
centos 2
openvas 51
fedora 7
oraclelinux 2
veracode 2
gentoo 2
mozilla 1
mageia 2
f5 4
prion 3
ubuntucve 3
cve 3
debiancve 3
altlinux 1
mscve 1
mskb 6
freebsd 3
kaspersky 1
symantec 1
slackware 1
ibm 10
threatpost 1
chrome 1
osv 1
debian 2
suse 3
securityvulns
securityvulns
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
bugs in IJG jpeg6b &amp; libjpeg-turbo
2013-12-09 00:00:00
libjpeg-turbo
2012-08-06 00:00:00
nessus
nessus
Fedora 19 : mingw-libjpeg-turbo-1.3.1-1.fc19 (2014-6859)
2014-06-10 00:00:00
GLSA-201606-03 : libjpeg-turbo: Multiple vulnerabilities
2016-06-06 00:00:00
CentOS 6 : libjpeg-turbo (CESA-2013:1803)
2013-12-10 00:00:00
redhat
redhat
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
Thunderbird vulnerabilities
2013-12-11 00:00:00
Firefox vulnerabilities
2013-12-11 00:00:00
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
centos
centos
libjpeg security update
2013-12-10 01:01:49
libjpeg security update
2013-12-10 00:47:48
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0333)
2022-01-28 00:00:00
CentOS Update for libjpeg-turbo CESA-2013:1803 centos6
2013-12-17 00:00:00
Ubuntu: Security Advisory (USN-2060-1)
2013-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19
2014-01-10 07:56:56
[SECURITY] Fedora 20 Update: libjpeg-turbo-1.3.0-2.fc20
2013-12-24 03:42:20
[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19
2014-06-10 03:13:25
oraclelinux
oraclelinux
libjpeg-turbo security update
2013-12-09 00:00:00
libjpeg security update
2013-12-09 00:00:00
veracode
veracode
Sensitive Information Disclosure
2019-05-02 05:00:31
Information Disclosure
2019-01-15 08:53:01
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
libjpeg-turbo: User-assisted execution of arbitrary code
2012-09-26 00:00:00
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
Updated chromium-browser-stable packages fix multiple vulnerabilities
2013-11-13 23:09:45
f5
f5
SOL62655427 - libjpeg-turbo vulnerability CVE-2013-6630
2016-02-18 00:00:00
K62655427 : libjpeg-turbo vulnerability CVE-2013-6630
2016-02-19 00:00:00
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
prion
prion
Memory corruption
2013-11-19 04:50:00
Heap overflow
2012-08-13 20:55:00
Design/Logic Flaw
2013-11-19 04:50:00
ubuntucve
ubuntucve
CVE-2013-6630
2013-11-18 00:00:00
CVE-2012-2806
2012-08-13 00:00:00
CVE-2013-6629
2013-11-18 00:00:00
cve
cve
CVE-2013-6630
2013-11-19 04:50:00
CVE-2012-2806
2012-08-13 20:55:00
CVE-2013-6629
2013-11-19 04:50:00
debiancve
debiancve
CVE-2013-6630
2013-11-19 04:50:00
CVE-2012-2806
2012-08-13 20:55:00
CVE-2013-6629
2013-11-19 04:50:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libjpeg-turbo version 2:1.2.1-alt1
2012-07-18 00:00:00
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
mskb
mskb
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability for Microsoft Silverlight 5: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
freebsd
freebsd
libjpeg-turbo -- heap-based buffer overflow
2012-05-31 00:00:00
chromium -- multiple vulnerabilities
2013-11-12 00:00:00
mozilla -- multiple vulnerabilities
2013-12-09 00:00:00
kaspersky
kaspersky
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
ibm
ibm
Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.
2022-11-17 15:02:38
Security Bulletin: Vulnerabilities in libjpeg affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:25:01
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libjpeg
2023-12-07 22:45:03
threatpost
threatpost
12 Flaws Fixed in Google Chrome
2013-11-12 13:17:53
chrome
chrome
Stable Channel Update
2013-11-12 00:00:00
osv
osv
chromium-browser - several
2013-11-16 00:00:00
debian
debian
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
suse
suse
chromium: update to 31.0.1650.57 (important)
2013-11-27 20:04:35
Mozilla updates 2013/12 (important)
2013-12-13 15:04:36
chromium: 31.0.1650.57 version update (important)
2013-11-27 20:04:13
JSON
Related for SECURITYVULNS:DOC:30029
securityvulns7nessus67redhat4ubuntu3amazon1centos2openvas51fedora7oraclelinux2veracode2gentoo2mozilla1mageia2f54prion3ubuntucve3cve3debiancve3altlinux1mscve1mskb6freebsd3kaspersky1symantec1slackware1ibm10threatpost1chrome1osv1debian2suse3