Note:
This project will be discontinued after December 13, 2021. [more]
2017-04-05
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
Products | Lepton |
Type | Divide By Zero (CWE-369) |
First patch |
https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7 |
Relevant file/s |
• ./src/lepton/uncompressed_components.hh (modified, +8, -2)
• ./src/vp8/model/model.hh (modified, +4, -2) |
Links |
• http://www.securityfocus.com/bid/97490
• https://github.com/dropbox/lepton/issues/86 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: