The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted JPEG file.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6237
Reference(s):
- https://github.com/dropbox/lepton/issues/26
- MLIST: [oss-security] 20160717 Re: multiple memory corruption issues in lepton (URL: http://www.openwall.com/lists/oss-security/2016/07/17/6)