|Description||io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
- lepton <not-affected> (Vulnerable code introduced later)
Fixed by: https://github.com/dropbox/lepton/commit/0b9967ec13b2c95771fa3da30bcc49d2fc055bfe
Introduced by: https://github.com/dropbox/lepton/commit/d62a8c0416c5a918bfd7d132cc1f6daa4e8bc055