Every CVE whose affected-product data names Dropbox Lepton, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-20819 — CVSS 7.8 (high): io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based…
CVE-2022-26181 — CVSS 7.8 (high): Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:1…
CVE-2017-7448 — CVSS 5.5 (medium): The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial…
CVE-2017-8891 — CVSS 5.5 (medium): Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a…
CVE-2018-12108 — CVSS 5.5 (medium): An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a…
CVE-2018-20820 — CVSS 5.5 (medium): read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an…