2017-05-10
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
Products | Lepton
Type | Code (CWE-17)
First patch | https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
Relevant file/s |
• ./src/lepton/bitops.cc (modified, +2, -1)
• ./src/lepton/bitops.hh (modified, +4, -4)
• ./src/lepton/lepton_codec.cc (modified, +1)
• ./src/lepton/vp8_decoder.cc (modified, +14, -8)
• ./src/vp8/decoder/boolreader.hh (modified, +3, -1)
Links |
• http://openwall.com/lists/oss-security/2017/05/10/1
• https://github.com/dropbox/lepton/issues/87