https://bugzilla.redhat.com/show_bug.cgi?id=1031749
--- Comment #6 from Vincent Danen <vdanen(a)redhat.com> ---
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6630 to
the following vulnerability:
Name: CVE-2013-6630
URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
Assigned: 20131105
Reference: FULLDISC:20131112 bugs in IJG jpeg6b & libjpeg-turbo
Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
Reference:
http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commi...
Reference:
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Reference:
https://code.google.com/p/chromium/issues/detail?id=299835
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as
used in Google Chrome before 31.0.1650.48 and other products, does not
set all elements of a certain Huffman value array during the reading
of segments that follow Define Huffman Table (DHT) JPEG markers, which
allows remote attackers to obtain sensitive information from
uninitialized memory locations via a crafted JPEG image.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=QsgVAejnYY&a=cc_unsubscribe