Heap Buffer Overflow in Dropbox Lepton by Dropbox
CVE-2022-26181

7.8 HIGH

Key Information:

Vendor: Dropbox
CVE Published: 28 February 2022

What is CVE-2022-26181?

A heap buffer overflow vulnerability has been identified in Dropbox Lepton version 1.2.1-185-g2a08b77, in the function aligned_dealloc() at line 108 of src/lepton/bitops.cc. If exploited, the flaw may allow an attacker to cause unexpected behavior, corrupt memory, or execute arbitrary code on an affected system. Users should check which version of Lepton they run and apply the necessary security updates to mitigate the risk from this vulnerability.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
