CVE-2017-8891

NONE EPSS 55.9%
Published May 10, 2017 (9y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.

Threat Intelligence

EPSS Exploit Probability
55.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-1187

Affected Products 1

Vendor | Product | Version | Range
dropbox | lepton | 1.2.1 | any

References 3

  • openwall.com http://openwall.com/lists/oss-security/2017/05/10/1
    Mailing List, Patch, Third Party Advisory
  • github.com https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/dropbox/lepton/issues/87
    Issue Tracking, Patch, Third Party Advisory

Remediation

  • openwall.com http://openwall.com/lists/oss-security/2017/05/10/1
    Mailing List, Patch, Third Party Advisory
  • github.com https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/dropbox/lepton/issues/87
    Issue Tracking, Patch, Third Party Advisory