Source: lepton Version: 1.2.1+20170405-3 Severity: normal Tags: patch security upstream Forwarded: https://github.com/dropbox/lepton/issues/107
Hi, The following vulnerability was published for lepton. CVE-2018-12108[0]: | An issue was discovered in Dropbox Lepton 1.2.1. The | validateAndCompress function in validation.cc allows remote attackers | to cause a denial of service (SIGFPE and application crash) via a | malformed file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-12108 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12108 [1] https://github.com/dropbox/lepton/issues/107 [2] https://github.com/dropbox/lepton/commit/221c98a56a8b5b7beafcb6a0bab6cf4695ad6811 Regards, Salvatore