dropbox/lepton

GitHub

github.com

blogs.dropbox.com

Releases4

Frequency1 day 9 hours

Last Release almost 10 years ago

Stars5K

Lepton is a tool and file format for losslessly compressing JPEGs by an average of 22%.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-26181 ↗	Feb 28, 2022Monday, 28 February 2022, 19:15	7.8 HIGH	6.8 MEDIUM
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
CVE-2018-20819 ↗	Apr 23, 2019Tuesday, 23 April 2019, 14:29	—	6.8 MEDIUM
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.
CVE-2018-20820 ↗	Apr 23, 2019Tuesday, 23 April 2019, 14:29	—	4.3 MEDIUM
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
CVE-2018-12108 ↗	Jun 11, 2018Monday, 11 June 2018, 13:29	—	4.3 MEDIUM
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.
CVE-2017-8891 ↗	May 10, 2017Wednesday, 10 May 2017, 16:29	—	4.3 MEDIUM
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
CVE-2017-7448 ↗	Apr 5, 2017Wednesday, 5 April 2017, 23:59	—	4.3 MEDIUM
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
CVE-2016-6234 ↗	Feb 2, 2017Thursday, 2 February 2017, 16:59	—	4.3 MEDIUM
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.
CVE-2016-6235 ↗	Feb 2, 2017Thursday, 2 February 2017, 16:59	—	4.3 MEDIUM
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.
CVE-2016-6236 ↗	Feb 2, 2017Thursday, 2 February 2017, 16:59	—	4.3 MEDIUM
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.
CVE-2016-6237 ↗	Feb 2, 2017Thursday, 2 February 2017, 16:59	—	4.3 MEDIUM
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.
CVE-2016-6238 ↗	Feb 2, 2017Thursday, 2 February 2017, 16:59	—	4.3 MEDIUM
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.