Lepton
by Apache Stats
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12108 | Med | 0.36 | 5.5 | 0.01 | Jun 11, 2018 | An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. | ||
| CVE-2017-8891 | Med | 0.36 | 5.5 | 0.01 | May 10, 2017 | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | ||
| CVE-2017-7448 | Med | 0.36 | 5.5 | 0.01 | Apr 5, 2017 | The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image. | ||
| CVE-2016-6238 | Med | 0.36 | 5.5 | 0.01 | Feb 2, 2017 | The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. | ||
| CVE-2016-6237 | Med | 0.36 | 5.5 | 0.01 | Feb 2, 2017 | The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | ||
| CVE-2016-6236 | Med | 0.36 | 5.5 | 0.01 | Feb 2, 2017 | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. | ||
| CVE-2016-6235 | Med | 0.36 | 5.5 | 0.01 | Feb 2, 2017 | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. | ||
| CVE-2016-6234 | Med | 0.36 | 5.5 | 0.01 | Feb 2, 2017 | The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. | ||
| CVE-2022-4104 | 0.00 | — | 0.00 | Nov 28, 2022 | A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service. | |||
| CVE-2022-26181 | 0.00 | — | 0.01 | Feb 28, 2022 | Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | |||
| CVE-2018-20820 | 0.00 | — | 0.01 | Apr 23, 2019 | read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file. | |||
| CVE-2018-20819 | 0.00 | — | 0.01 | Apr 23, 2019 | io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check… |
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.
- risk 0.36cvss 5.5epss 0.01
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
- risk 0.36cvss 5.5epss 0.01
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
- risk 0.36cvss 5.5epss 0.01
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.
- risk 0.36cvss 5.5epss 0.01
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.
- risk 0.36cvss 5.5epss 0.01
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.
- risk 0.36cvss 5.5epss 0.01
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.
- risk 0.36cvss 5.5epss 0.01
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.
- CVE-2022-4104Nov 28, 2022risk 0.00cvss —epss 0.00
A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.
- CVE-2022-26181Feb 28, 2022risk 0.00cvss —epss 0.01
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
- CVE-2018-20820Apr 23, 2019risk 0.00cvss —epss 0.01
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
- CVE-2018-20819Apr 23, 2019risk 0.00cvss —epss 0.01
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check…