SB2017040605 - Multiple vulnerabilities in Dropbox lepton
Published: April 6, 2017 Updated: August 8, 2020
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-20819)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.
2) Integer overflow (CVE-ID: CVE-2018-20820)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
3) Input validation error (CVE-ID: CVE-2018-12108)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.
4) Input validation error (CVE-ID: CVE-2017-8891)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
5) Division by zero (CVE-ID: CVE-2017-7448)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error within the allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/dropbox/lepton/issues/112
- https://github.com/dropbox/lepton/commit/6a5ceefac1162783fffd9506a3de39c85c725761
- https://github.com/dropbox/lepton/issues/111
- https://github.com/dropbox/lepton/issues/107
- http://openwall.com/lists/oss-security/2017/05/10/1
- https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
- https://github.com/dropbox/lepton/issues/87
- http://www.securityfocus.com/bid/97490
- https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
- https://github.com/dropbox/lepton/issues/86