CVE-2017-8891

MEDIUM

Dropbox Lepton 1.2.1 - DoS

Title source: llm

Description

Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.

References (3)

[Mailing List, Patch, Third Party Advisory] http://openwall.com/lists/oss-security/2017/05/10/1

[Issue Tracking, Patch, Third Party Advisory] https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346

View Patch ZIP pw:eip

[Issue Tracking, Patch, Third Party Advisory] https://github.com/dropbox/lepton/issues/87

Scores

CVSS v3 5.5

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-1187

Status published

Products (2)

dropbox/lepton

n/a/n/a

Published May 10, 2017

Tracked Since Feb 18, 2026