Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26181 | 1 Dropbox | 1 Lepton | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH |
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | |||||
CVE-2018-20819 | 1 Dropbox | 1 Lepton | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size. | |||||
CVE-2017-8891 | 1 Dropbox | 1 Lepton | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | |||||
CVE-2018-20820 | 1 Dropbox | 1 Lepton | 2019-04-24 | 4.3 MEDIUM | 5.5 MEDIUM |
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file. | |||||
CVE-2018-12108 | 1 Dropbox | 1 Lepton | 2018-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. | |||||
CVE-2017-7448 | 1 Dropbox | 1 Lepton | 2017-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. |