Описание
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| chromium-browser | fixed | 31.0.1650.57-1 | package | |
| chromium-browser | end-of-life | squeeze | package | |
| libjpeg-turbo | fixed | 1.3.0-3 | package | |
| libjpeg6b | fixed | 6b1-4 | package | |
| libjpeg6b | no-dsa | squeeze | package | |
| libjpeg6b | fixed | 6b1-3+deb7u1 | wheezy | package |
| libjpeg8 | fixed | 8d-2 | package | |
| libjpeg8 | no-dsa | squeeze | package | |
| libjpeg8 | fixed | 8d-1+deb7u1 | wheezy | package |
| iceweasel | fixed | 24.2.0esr-1 | package | |
| iceweasel | end-of-life | squeeze | package | |
| icedove | fixed | 24.2.0-1 | package | |
| icedove | end-of-life | squeeze | package | |
| iceape | removed | package | ||
| iceape | end-of-life | squeeze | package | |
| iceape | end-of-life | wheezy | package |
Примечания
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
Связанные уязвимости
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
