Denial of Service in Dropbox Lepton Software
CVE-2017-7448

5.5MEDIUM

Key Information:

Vendor

Dropbox

Status
Lepton
Vendor
CVE Published:
5 April 2017

What is CVE-2017-7448?

In Dropbox Lepton version 1.2.1, a flaw in the allocate_channel_framebuffer function located in uncompressed_components.hh permits remote attackers to exploit a divide-by-zero error. This vulnerability can be triggered by sending a specially crafted JPEG image, leading to application instability and crashes. The resulting denial of service can affect the performance and availability of the application, making it crucial for users to apply necessary patches and follow security updates.

References

http://www.securityfocus.com/bid/97490
vdb-entryx_refsource_BID
https://github.com/dropbox/lepton/commit/7789d99ac156adfd...
x_refsource_CONFIRM
https://github.com/dropbox/lepton/issues/86
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.