{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.2.1"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "c378cbfa2daaa99e8828be7395013f94cedb1bcc"
            }
          ],
          "repo": "https://github.com/dropbox/lepton",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "io/ZlibCompression.cc in the decompression component of Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted JPEG (.jpg) image file. The root cause is a missing size check on header payloads, which may (incorrectly) be larger than the maximum file size.",
  "id": "CVE-2018-20819",
  "modified": "2026-03-13T21:49:43.883081775Z",
  "published": "2019-04-23T14:29:00.320Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/dropbox/lepton/issues/112"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}