← Back

Lepton

lepton

Vendor: Dropbox • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-26181
1Dropbox
1Lepton
Nov 21, 2024
Feb 28, 2022
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
CVE-2018-20820
1Dropbox
1Lepton
Nov 21, 2024
Apr 23, 2019
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
CVE-2018-20819
1Dropbox
1Lepton
Nov 21, 2024
Apr 23, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by c...Show more
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.Show less
CVE-2018-12108
1Dropbox
1Lepton
Nov 21, 2024
Jun 11, 2018
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.
CVE-2017-8891
1Dropbox
1Lepton
May 13, 2026
May 10, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
CVE-2017-7448
1Dropbox
1Lepton
May 13, 2026
Apr 5, 2017
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image...Show more
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.Show less