CVE-2018-12108

Published: Jun 11, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.

Affected (1)

Products: Dropbox: Lepton

Dropbox

1 product

Lepton

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dropbox Lepton	Version 1.2.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/dropbox/lepton/issues/107

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/dropbox/lepton/issues/107

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.