csaf_redhat - rhsa-2013

rhsa-2013_1804

Vulnerability from csaf_redhat

Published

2013-12-09 23:21

Modified

2024-09-13 08:27

Summary

Red Hat Security Advisory: libjpeg security update

Notes

Topic

An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629) All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated libjpeg package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libjpeg package contains a library of functions for manipulating JPEG\nimages. It also contains simple client programs for accessing the\nlibjpeg functions.\n\nAn uninitialized memory read issue was found in the way libjpeg decoded\nimages with missing Start Of Scan (SOS) JPEG markers. A remote attacker\ncould create a specially crafted JPEG image that, when decoded, could\npossibly lead to a disclosure of potentially sensitive information.\n(CVE-2013-6629)\n\nAll libjpeg users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:1804",
        "url": "https://access.redhat.com/errata/RHSA-2013:1804"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1031734",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031734"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2013/rhsa-2013_1804.json"
      }
    ],
    "title": "Red Hat Security Advisory: libjpeg security update",
    "tracking": {
      "current_release_date": "2024-09-13T08:27:20+00:00",
      "generator": {
        "date": "2024-09-13T08:27:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2013:1804",
      "initial_release_date": "2013-12-09T23:21:00+00:00",
      "revision_history": [
        {
          "date": "2013-12-09T23:21:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-12-09T23:27:06+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T08:27:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client-5.10.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation-5.10.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server-5.10.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.i386",
                "product": {
                  "name": "libjpeg-0:6b-38.i386",
                  "product_id": "libjpeg-0:6b-38.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.i386",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.i386",
                  "product_id": "libjpeg-debuginfo-0:6b-38.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.i386",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.i386",
                  "product_id": "libjpeg-devel-0:6b-38.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.ppc",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.ppc",
                  "product_id": "libjpeg-debuginfo-0:6b-38.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.ppc",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.ppc",
                  "product_id": "libjpeg-devel-0:6b-38.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.ppc",
                "product": {
                  "name": "libjpeg-0:6b-38.ppc",
                  "product_id": "libjpeg-0:6b-38.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.ppc64",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.ppc64",
                  "product_id": "libjpeg-debuginfo-0:6b-38.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.ppc64",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.ppc64",
                  "product_id": "libjpeg-devel-0:6b-38.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.ppc64",
                "product": {
                  "name": "libjpeg-0:6b-38.ppc64",
                  "product_id": "libjpeg-0:6b-38.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.s390",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.s390",
                  "product_id": "libjpeg-debuginfo-0:6b-38.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.s390",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.s390",
                  "product_id": "libjpeg-devel-0:6b-38.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.s390",
                "product": {
                  "name": "libjpeg-0:6b-38.s390",
                  "product_id": "libjpeg-0:6b-38.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.s390x",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.s390x",
                  "product_id": "libjpeg-debuginfo-0:6b-38.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.s390x",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.s390x",
                  "product_id": "libjpeg-devel-0:6b-38.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.s390x",
                "product": {
                  "name": "libjpeg-0:6b-38.s390x",
                  "product_id": "libjpeg-0:6b-38.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.ia64",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.ia64",
                  "product_id": "libjpeg-debuginfo-0:6b-38.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.ia64",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.ia64",
                  "product_id": "libjpeg-devel-0:6b-38.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.ia64",
                "product": {
                  "name": "libjpeg-0:6b-38.ia64",
                  "product_id": "libjpeg-0:6b-38.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.src",
                "product": {
                  "name": "libjpeg-0:6b-38.src",
                  "product_id": "libjpeg-0:6b-38.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libjpeg-debuginfo-0:6b-38.x86_64",
                "product": {
                  "name": "libjpeg-debuginfo-0:6b-38.x86_64",
                  "product_id": "libjpeg-debuginfo-0:6b-38.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-debuginfo@6b-38?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-0:6b-38.x86_64",
                "product": {
                  "name": "libjpeg-0:6b-38.x86_64",
                  "product_id": "libjpeg-0:6b-38.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg@6b-38?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libjpeg-devel-0:6b-38.x86_64",
                "product": {
                  "name": "libjpeg-devel-0:6b-38.x86_64",
                  "product_id": "libjpeg-devel-0:6b-38.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libjpeg-devel@6b-38?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.i386"
        },
        "product_reference": "libjpeg-0:6b-38.i386",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-0:6b-38.ia64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-0:6b-38.ppc",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-0:6b-38.ppc64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.s390"
        },
        "product_reference": "libjpeg-0:6b-38.s390",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-0:6b-38.s390x",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.src"
        },
        "product_reference": "libjpeg-0:6b-38.src",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-0:6b-38.x86_64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.i386"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.i386",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ia64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ppc",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ppc64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.s390",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.s390x",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.x86_64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.i386"
        },
        "product_reference": "libjpeg-devel-0:6b-38.i386",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ia64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ppc",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ppc64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390"
        },
        "product_reference": "libjpeg-devel-0:6b-38.s390",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-devel-0:6b-38.s390x",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client-5.10.Z:libjpeg-devel-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.x86_64",
        "relates_to_product_reference": "5Client-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.i386"
        },
        "product_reference": "libjpeg-0:6b-38.i386",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-0:6b-38.ia64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-0:6b-38.ppc",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-0:6b-38.ppc64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390"
        },
        "product_reference": "libjpeg-0:6b-38.s390",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-0:6b-38.s390x",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.src"
        },
        "product_reference": "libjpeg-0:6b-38.src",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-0:6b-38.x86_64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.i386"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.i386",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ia64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ppc",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ppc64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.s390",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.s390x",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.x86_64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.i386"
        },
        "product_reference": "libjpeg-devel-0:6b-38.i386",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ia64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ppc",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ppc64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390"
        },
        "product_reference": "libjpeg-devel-0:6b-38.s390",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-devel-0:6b-38.s390x",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.x86_64",
        "relates_to_product_reference": "5Client-Workstation-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.i386"
        },
        "product_reference": "libjpeg-0:6b-38.i386",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-0:6b-38.ia64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-0:6b-38.ppc",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-0:6b-38.ppc64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.s390"
        },
        "product_reference": "libjpeg-0:6b-38.s390",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-0:6b-38.s390x",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.src"
        },
        "product_reference": "libjpeg-0:6b-38.src",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-0:6b-38.x86_64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.i386"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.i386",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ia64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ppc",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.ppc64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.s390",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.s390x",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-debuginfo-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-debuginfo-0:6b-38.x86_64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.i386"
        },
        "product_reference": "libjpeg-devel-0:6b-38.i386",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.ia64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ia64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ppc",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.ppc64",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390"
        },
        "product_reference": "libjpeg-devel-0:6b-38.s390",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390x"
        },
        "product_reference": "libjpeg-devel-0:6b-38.s390x",
        "relates_to_product_reference": "5Server-5.10.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libjpeg-devel-0:6b-38.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.10.Z:libjpeg-devel-0:6b-38.x86_64"
        },
        "product_reference": "libjpeg-devel-0:6b-38.x86_64",
        "relates_to_product_reference": "5Server-5.10.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-6629",
      "cwe": {
        "id": "CWE-456",
        "name": "Missing Initialization of a Variable"
      },
      "discovery_date": "2013-11-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1031734"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libjpeg: information leak (read of uninitialized memory)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-5.10.Z:libjpeg-0:6b-38.i386",
          "5Client-5.10.Z:libjpeg-0:6b-38.ia64",
          "5Client-5.10.Z:libjpeg-0:6b-38.ppc",
          "5Client-5.10.Z:libjpeg-0:6b-38.ppc64",
          "5Client-5.10.Z:libjpeg-0:6b-38.s390",
          "5Client-5.10.Z:libjpeg-0:6b-38.s390x",
          "5Client-5.10.Z:libjpeg-0:6b-38.src",
          "5Client-5.10.Z:libjpeg-0:6b-38.x86_64",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
          "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.i386",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.ia64",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390x",
          "5Client-5.10.Z:libjpeg-devel-0:6b-38.x86_64",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.i386",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ia64",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc64",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390x",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.src",
          "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.x86_64",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
          "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.i386",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ia64",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390x",
          "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.x86_64",
          "5Server-5.10.Z:libjpeg-0:6b-38.i386",
          "5Server-5.10.Z:libjpeg-0:6b-38.ia64",
          "5Server-5.10.Z:libjpeg-0:6b-38.ppc",
          "5Server-5.10.Z:libjpeg-0:6b-38.ppc64",
          "5Server-5.10.Z:libjpeg-0:6b-38.s390",
          "5Server-5.10.Z:libjpeg-0:6b-38.s390x",
          "5Server-5.10.Z:libjpeg-0:6b-38.src",
          "5Server-5.10.Z:libjpeg-0:6b-38.x86_64",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
          "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.i386",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.ia64",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390x",
          "5Server-5.10.Z:libjpeg-devel-0:6b-38.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6629"
        },
        {
          "category": "external",
          "summary": "RHBZ#1031734",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031734"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6629"
        }
      ],
      "release_date": "2013-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Client-5.10.Z:libjpeg-0:6b-38.i386",
            "5Client-5.10.Z:libjpeg-0:6b-38.ia64",
            "5Client-5.10.Z:libjpeg-0:6b-38.ppc",
            "5Client-5.10.Z:libjpeg-0:6b-38.ppc64",
            "5Client-5.10.Z:libjpeg-0:6b-38.s390",
            "5Client-5.10.Z:libjpeg-0:6b-38.s390x",
            "5Client-5.10.Z:libjpeg-0:6b-38.src",
            "5Client-5.10.Z:libjpeg-0:6b-38.x86_64",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.i386",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.ia64",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390x",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.x86_64",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.i386",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ia64",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc64",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390x",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.src",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.x86_64",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.i386",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ia64",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390x",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.x86_64",
            "5Server-5.10.Z:libjpeg-0:6b-38.i386",
            "5Server-5.10.Z:libjpeg-0:6b-38.ia64",
            "5Server-5.10.Z:libjpeg-0:6b-38.ppc",
            "5Server-5.10.Z:libjpeg-0:6b-38.ppc64",
            "5Server-5.10.Z:libjpeg-0:6b-38.s390",
            "5Server-5.10.Z:libjpeg-0:6b-38.s390x",
            "5Server-5.10.Z:libjpeg-0:6b-38.src",
            "5Server-5.10.Z:libjpeg-0:6b-38.x86_64",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.i386",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.ia64",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390x",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1804"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-5.10.Z:libjpeg-0:6b-38.i386",
            "5Client-5.10.Z:libjpeg-0:6b-38.ia64",
            "5Client-5.10.Z:libjpeg-0:6b-38.ppc",
            "5Client-5.10.Z:libjpeg-0:6b-38.ppc64",
            "5Client-5.10.Z:libjpeg-0:6b-38.s390",
            "5Client-5.10.Z:libjpeg-0:6b-38.s390x",
            "5Client-5.10.Z:libjpeg-0:6b-38.src",
            "5Client-5.10.Z:libjpeg-0:6b-38.x86_64",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
            "5Client-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.i386",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.ia64",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.s390x",
            "5Client-5.10.Z:libjpeg-devel-0:6b-38.x86_64",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.i386",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ia64",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.ppc64",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.s390x",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.src",
            "5Client-Workstation-5.10.Z:libjpeg-0:6b-38.x86_64",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
            "5Client-Workstation-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.i386",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ia64",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.s390x",
            "5Client-Workstation-5.10.Z:libjpeg-devel-0:6b-38.x86_64",
            "5Server-5.10.Z:libjpeg-0:6b-38.i386",
            "5Server-5.10.Z:libjpeg-0:6b-38.ia64",
            "5Server-5.10.Z:libjpeg-0:6b-38.ppc",
            "5Server-5.10.Z:libjpeg-0:6b-38.ppc64",
            "5Server-5.10.Z:libjpeg-0:6b-38.s390",
            "5Server-5.10.Z:libjpeg-0:6b-38.s390x",
            "5Server-5.10.Z:libjpeg-0:6b-38.src",
            "5Server-5.10.Z:libjpeg-0:6b-38.x86_64",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.i386",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ia64",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.ppc64",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.s390x",
            "5Server-5.10.Z:libjpeg-debuginfo-0:6b-38.x86_64",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.i386",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.ia64",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.ppc64",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.s390x",
            "5Server-5.10.Z:libjpeg-devel-0:6b-38.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libjpeg: information leak (read of uninitialized memory)"
    }
  ]
}

cve-2013-6629

Vulnerability from cvelistv5

Published

2013-11-15 20:00

Modified

2024-08-06 17:46

Severity

Summary

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

References

URL	Tags
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html	mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/bid/63676	vdb-entry, x_refsource_BID
https://www.ibm.com/support/docview.wss?uid=swg21675973	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2014:0414	vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2013-1804.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html	vendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=140852886808946&w=2	vendor-advisory, x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21672080	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2014:0413	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59058	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140852886808946&w=2	vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2013-1803.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html	vendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=140852974709252&w=2	vendor-advisory, x_refsource_HP
http://support.apple.com/kb/HT6163	x_refsource_CONFIRM
http://secunia.com/advisories/56175	third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html	vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html	vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/58974	third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id/1029470	vdb-entry, x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=891693	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html	vendor-advisory, x_refsource_SUSE
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html	x_refsource_CONFIRM
http://support.apple.com/kb/HT6150	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html	vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html	vendor-advisory, x_refsource_SUSE
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html	x_refsource_CONFIRM
http://www.securitytracker.com/id/1029476	vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html	vendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=140852974709252&w=2	vendor-advisory, x_refsource_HP
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201606-03	vendor-advisory, x_refsource_GENTOO
http://www-01.ibm.com/support/docview.wss?uid=swg21676746	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html	vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html	vendor-advisory, x_refsource_FEDORA
http://support.apple.com/kb/HT6162	x_refsource_CONFIRM
https://code.google.com/p/chromium/issues/detail?id=258723	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2052-1	vendor-advisory, x_refsource_UBUNTU
http://www.debian.org/security/2013/dsa-2799	vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html	vendor-advisory, x_refsource_SUSE
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2013-0333.html	x_refsource_CONFIRM
http://bugs.ghostscript.com/show_bug.cgi?id=686980	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273	vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/USN-2060-1	vendor-advisory, x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2053-1	vendor-advisory, x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html	vendor-advisory, x_refsource_FEDORA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website