[Pkg-phototools-devel] Bug#905494: lepton: CVE-2018-12108

Salvatore Bonaccorso carnil at debian.org
Sun Aug 5 13:35:26 BST 2018

Source: lepton
Version: 1.2.1+20170405-3
Severity: normal
Tags: patch security upstream
Forwarded: https://github.com/dropbox/lepton/issues/107


The following vulnerability was published for lepton.

| An issue was discovered in Dropbox Lepton 1.2.1. The
| validateAndCompress function in validation.cc allows remote attackers
| to cause a denial of service (SIGFPE and application crash) via a
| malformed file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12108
[1] https://github.com/dropbox/lepton/issues/107
[2] https://github.com/dropbox/lepton/commit/221c98a56a8b5b7beafcb6a0bab6cf4695ad6811


More information about the Pkg-phototools-devel mailing list