CVE-2016-6237

Name of the Vulnerable Software and Affected Versions Dropbox lepton version 1.0

Description The issue allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. This is due to a problem in the build huffcodes function in lepton/jpgcoder.cc.

Recommendations For version 1.0, consider avoiding the use of crafted jpeg files until a patch is available. As a temporary workaround, restrict the processing of jpeg files to minimize the risk of exploitation.