Candidate: CVE-2017-8891
PublicDate: 2017-05-10 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8891
 http://openwall.com/lists/oss-security/2017/05/10/1
Description:
 Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a
 malformed lepton file because the code does not ensure setup of a correct
 number of threads.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/dropbox/lepton/issues/87
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_lepton:
 upstream: https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
upstream_lepton: released (1.2.1+20170405-1)
precise/esm_lepton: DNE
trusty_lepton: DNE
trusty/esm_lepton: DNE
vivid/stable-phone-overlay_lepton: DNE
vivid/ubuntu-core_lepton: DNE
xenial_lepton: DNE
yakkety_lepton: ignored (reached end-of-life)
zesty_lepton: ignored (reached end-of-life)
artful_lepton: ignored (reached end-of-life)
bionic_lepton: not-affected (1.2.1+20170405-3build1)
cosmic_lepton: not-affected (1.2.1+20170405-3build1)
devel_lepton: not-affected (1.2.1+20170405-3build1)