[Pkg-phototools-devel] Bug#905494: lepton: CVE-2018-12108
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 5 13:35:26 BST 2018
Source: lepton
Version: 1.2.1+20170405-3
Severity: normal
Tags: patch security upstream
Forwarded: https://github.com/dropbox/lepton/issues/107
Hi,
The following vulnerability was published for lepton.
CVE-2018-12108[0]:
| An issue was discovered in Dropbox Lepton 1.2.1. The
| validateAndCompress function in validation.cc allows remote attackers
| to cause a denial of service (SIGFPE and application crash) via a
| malformed file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12108
[1] https://github.com/dropbox/lepton/issues/107
[2] https://github.com/dropbox/lepton/commit/221c98a56a8b5b7beafcb6a0bab6cf4695ad6811
Regards,
Salvatore
More information about the Pkg-phototools-devel
mailing list