CVE-2017-7448

Опубликовано: 05 апр. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.

Ссылки

http://www.securityfocus.com/bid/97490
https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
Patch
Third Party Advisory
https://github.com/dropbox/lepton/issues/86
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/97490
https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
Patch
Third Party Advisory
https://github.com/dropbox/lepton/issues/86
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dropbox:lepton:1.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00284

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369

Связанные уязвимости

CVE-2017-7448

CVSS3: 5.5

ubuntu

почти 9 лет назад

CVE-2017-7448

CVSS3: 5.5

debian

почти 9 лет назад

The allocate_channel_framebuffer function in uncompressed_components.h ...

GHSA-96r9-34x2-995x

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 51%

0.00284

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369