PT-2019-10259 · Dropbox · Dropbox Lepton

Hongxuchen

Published

2019-04-23

Updated

2019-04-24

CVE-2018-20820

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Dropbox Lepton version 1.2.1

Description: The issue allows attackers to cause a denial-of-service, resulting in an application runtime crash due to an integer overflow, by providing a crafted file.

Recommendations: For Dropbox Lepton version 1.2.1, update to a newer version that contains a fix for this issue to prevent potential crashes caused by crafted files.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2018-20820

Affected Products

Dropbox Lepton

PT-2019-10259 · Dropbox · Dropbox Lepton

CVE-2018-20820

Weakness Enumeration

Related Identifiers

Affected Products

References · 4