cvedb.io
CVE-2018-20819
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2019-04-23T14:29:00.320 · Last modified 2026-06-17T01:53:32.530

Summary

io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.

Affected products

dropbox — lepton

Does this affect you?

Add your gear to cvedb and we'll alert you only when dropbox ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.