Denial-of-Service Vulnerability in Dropbox Lepton Product
CVE-2018-20820

5.5MEDIUM

Key Information:

Vendor

Dropbox

Status
Lepton
Vendor
CVE Published:
23 April 2019

What is CVE-2018-20820?

An integer overflow vulnerability in the read_ujpg function of jpgcoder.cc in Dropbox Lepton version 1.2.1 allows attackers to exploit this weakness by crafting a specific file. This can lead to a denial-of-service condition as the application may experience a crash during runtime, resulting in disruption of service.

References

https://github.com/dropbox/lepton/issues/111
x_refsource_MISC
https://github.com/dropbox/lepton/commit/6a5ceefac1162783...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.