CVE-2018-20820

NONE EPSS 57.0%
Published Apr 23, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.

Threat Intelligence

EPSS Exploit Probability: 57.0% percentile
Exploit & Patch Status:
  • Public Exploit Known
  • Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound (Numeric Error)

Affected Products 1

Vendor    Product    Version    Range
dropbox   lepton     1.2.1      any

References 2

  • github.com https://github.com/dropbox/lepton/commit/6a5ceefac1162783fffd9506a3de39c85c725761
    Patch, Third Party Advisory
  • github.com https://github.com/dropbox/lepton/issues/111
    Exploit, Patch, Third Party Advisory

Remediation

  • github.com https://github.com/dropbox/lepton/commit/6a5ceefac1162783fffd9506a3de39c85c725761
    Patch, Third Party Advisory
  • github.com https://github.com/dropbox/lepton/issues/111
    Exploit, Patch, Third Party Advisory