CVE-2018-20819

NameCVE-2018-20819
Descriptionio/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
leptonsource(unstable)(not affected)

Notes

- lepton <not-affected> (Vulnerable code introduced later)
https://github.com/dropbox/lepton/issues/112
Fixed by: https://github.com/dropbox/lepton/commit/0b9967ec13b2c95771fa3da30bcc49d2fc055bfe
Introduced by: https://github.com/dropbox/lepton/commit/d62a8c0416c5a918bfd7d132cc1f6daa4e8bc055
Search for package or bug name: Reporting problems