{"id": "CVE-2018-20819", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-04-23T14:29:00.320", "references": [{"url": "https://github.com/dropbox/lepton/issues/112", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/dropbox/lepton/issues/112", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. \nThe root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size."}, {"lang": "es", "value": "IO/ZlibCompression. CC en el componente de descompresi\u00f3n en Dropbox LEPTON versi\u00f3n 1.2.1 permite a los atacantes causar una Denegaci\u00f3n de Servicio (desbordamiento de b\u00fafer basado en mont\u00f3n y bloqueo de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado mediante la creaci\u00f3n de un archivo de imagen jpg. La causa ra\u00edz es una comprobaci\u00f3n faltante de cargas de encabezado que pueden ser (incorrectamente) mayores que el tama\u00f1o m\u00e1ximo de archivo."}], "lastModified": "2024-11-21T04:02:15.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dropbox:lepton:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DCDBF54-A4B3-4D67-A014-6ECC38D58621"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}