CVE-2017-8891 (NVD)

2017-05-10

Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.

Products: Lepton
Type: Code (CWE-17)
First patch: https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
Relevant file/s:
• ./src/lepton/bitops.cc (modified, +2, -1)
• ./src/lepton/bitops.hh (modified, +4, -4)
• ./src/lepton/lepton_codec.cc (modified, +1)
• ./src/lepton/vp8_decoder.cc (modified, +14, -8)
• ./src/vp8/decoder/boolreader.hh (modified, +3, -1)
Links:
• http://openwall.com/lists/oss-security/2017/05/10/1
• https://github.com/dropbox/lepton/issues/87

lepton - Tree: 82167c144a
