6 matches found
CVE-2022-26181
CVE-2022-26181 affects Dropbox Lepton, specifically v1.2.1-185-g2a08b77, with a heap-based buffer overflow in the function aligned_dealloc() at src/lepton/bitops.cc:108. The incident is documented across multiple sources (NVD, OSV, Red Hat, Ubuntu and others) and is characterized by a heap-buffer...
CVE-2018-20819
CVE-2018-20819 affects Dropbox Lepton 1.2.1, specifically the decompression code io/ZlibCompression.cc. The root cause is a missing check of header payloads that may be larger than the maximum file size, enabling a heap-based buffer overflow that can crash the application and may have unspecified...
CVE-2018-12108
Dropbox Lepton 1.2.1 vulnerability (CVE-2018-12108) exists in the validation.cc file’s validateAndCompress function. A malformed input file can trigger a denial of service, causing a SIGFPE and application crash. Exploitation is described as remote, but no exploit details are provided in the conn...
CVE-2018-20820
CVE-2018-20820 affects Dropbox Lepton 1.2.1; the read_ujpg function in jpgcoder.cc is vulnerable to an integer overflow when processing a crafted JPEG, leading to an application runtime crash (DoS). The available sources confirm the vulnerable component and impact (denial of service) but do not p...
CVE-2017-8891
Technical details (affected product versions, root cause specifics, exploits) are not publicly disclosed in the provided documents; monitor for updates.
CVE-2017-7448
CVE-2017-7448 affects Dropbox Lepton 1.2.1. The vulnerability is in the allocate_channel_framebuffer function (uncompressed_components.hh) and can be triggered by a malformed JPEG image, enabling a remote attacker to cause a denial of service (divide-by-zero error and application crash). The avai...