PatchSiren

Lepton Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Lepton Project CVE published 2017-02-02

CVE-2016-6238

CVE-2016-6238 is a denial-of-service issue in Dropbox Lepton 1.0. According to NVD, the write_ujpg function in lepton/jpgcoder.cc can perform an out-of-bounds read when processing a crafted JPEG file. The issue is rated CVSS 5.5 (MEDIUM) and maps to CWE-125. For defenders, the main concern is untrusted image input reaching Lepton-based processing paths.

MEDIUM Lepton Project CVE published 2017-02-02

CVE-2016-6237

CVE-2016-6237 is a denial-of-service vulnerability in Dropbox Lepton 1.0 caused by an out-of-bounds write in build_huffcodes while processing a crafted JPEG file. The CVE record classifies the weakness as CWE-787 (out-of-bounds write) and links to vendor discussion and patch references. The published CVSS vector scores the attack as requiring local access and user interaction, which is the usual scoring for a file-parsing bug: the crafted file has to be opened on the host. A service that accepts uploaded images and runs them through Lepton supplies exactly that step, so the local rating should not be read as the bug being unreachable from untrusted input. Because this entry is a write rather than a read, it deserves more caution than the neighbouring read-only entries: the CVE describes only a crash, but out-of-bounds writes are the class where further impact is most often found later.

MEDIUM Lepton Project CVE published 2017-02-02

CVE-2016-6236

CVE-2016-6236 affects Dropbox Lepton 1.0 in the JPEG parsing path. A crafted JPEG can trigger an out-of-bounds read in setup_imginfo_jpg (lepton/jpgcoder.cc), which the NVD classifies as a denial-of-service condition with CVSS 5.5. Systems that process untrusted images should treat this as a patch-priority reliability issue, especially in automated ingestion pipelines.

MEDIUM Lepton Project CVE published 2017-02-02

CVE-2016-6235

CVE-2016-6235 describes a denial-of-service issue in Dropbox Lepton 1.0's JPEG handling. A crafted JPEG can trigger a segmentation fault in setup_imginfo_jpg within lepton/jpgcoder.cc, which can crash the application. NVD classifies the issue as CVSS 3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and CWE-399.
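All four entries above share one root pattern: a crafted JPEG whose declared structure does not match its bytes reaches a parser (setup_imginfo_jpg, build_huffcodes, write_ujpg) that trusts the declaration. The following C program is an added illustration written for this page, not code from Dropbox Lepton or from its fix, of the structural pre-check an ingestion pipeline can run on untrusted bytes before invoking Lepton. It enforces the two invariants whose absence produces the CWE-125/CWE-787 bug class here: every marker segment's declared length must stay inside the buffer, and a DHT (Huffman table) segment may declare at most 256 symbols per table (ITU T.81, B.2.4.2). The function and enum names and the sample inputs are constructed for the example.

```c
/* Added example, not Lepton's code: bounds-checked JPEG marker-segment
 * pre-validator for untrusted input. Sample inputs below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum jpeg_check {
    JPEG_OK = 0,
    JPEG_ERR_NO_SOI,        /* does not start with FF D8 */
    JPEG_ERR_BAD_MARKER,    /* expected FF at a segment boundary */
    JPEG_ERR_TRUNCATED,     /* a declared segment length runs past the data */
    JPEG_ERR_DHT_LEN,       /* DHT payload shorter than its own counts imply */
    JPEG_ERR_DHT_TOO_MANY   /* a Huffman table declares more than 256 symbols */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate one DHT payload (bytes after the 2-byte length). Each table is
 * Tc/Th (1 byte), BITS[1..16] (16 bytes), then sum(BITS) HUFFVAL bytes.
 * A decoder that copies HUFFVAL into a fixed 256-entry array without the
 * sum check writes out of bounds when the counts add up to more than 256. */
static enum jpeg_check check_dht(const uint8_t *p, size_t len)
{
    while (len > 0) {
        if (len < 17) return JPEG_ERR_DHT_LEN;
        size_t total = 0;
        for (int i = 1; i <= 16; i++) total += p[i];
        if (total > 256) return JPEG_ERR_DHT_TOO_MANY;
        if (len - 17 < total) return JPEG_ERR_DHT_LEN;
        p += 17 + total;
        len -= 17 + total;
    }
    return JPEG_OK;
}

/* Walk marker segments from SOI to EOI without ever reading past n bytes. */
enum jpeg_check jpeg_precheck(const uint8_t *buf, size_t n)
{
    if (n < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return JPEG_ERR_NO_SOI;
    size_t off = 2;
    for (;;) {
        if (off + 2 > n) return JPEG_ERR_TRUNCATED;          /* no EOI seen */
        if (buf[off] != 0xFF) return JPEG_ERR_BAD_MARKER;
        uint8_t m = buf[off + 1];
        if (m == 0xFF) { off += 1; continue; }                /* fill byte */
        off += 2;
        if (m == 0xD9) return JPEG_OK;                        /* EOI */
        if (m == 0x01 || m == 0xD8 || (m >= 0xD0 && m <= 0xD7)) continue; /* no length */
        if (off + 2 > n) return JPEG_ERR_TRUNCATED;
        size_t seglen = be16(buf + off);                      /* includes its own 2 bytes */
        if (seglen < 2 || seglen > n - off) return JPEG_ERR_TRUNCATED;
        if (m == 0xC4) {
            enum jpeg_check r = check_dht(buf + off + 2, seglen - 2);
            if (r != JPEG_OK) return r;
        }
        off += seglen;
        if (m == 0xDA) {   /* SOS: skip entropy-coded data up to the next real marker */
            while (off + 1 < n) {
                uint8_t nx = buf[off + 1];
                if (buf[off] == 0xFF && nx != 0x00 && !(nx >= 0xD0 && nx <= 0xD7)) break;
                off++;
            }
        }
    }
}

/* Constructed sample 1: SOI, a well-formed DC luminance DHT (12 symbols), EOI. */
static const uint8_t sample_ok[] = {
    0xFF, 0xD8, 0xFF, 0xC4, 0x00, 0x1F, 0x00,
    0x00, 0x01, 0x05, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
    0xFF, 0xD9 };
/* Constructed sample 2: DHT whose BITS sum to 257; a 256-entry table would overflow. */
static const uint8_t sample_dht_overflow[] = {
    0xFF, 0xD8, 0xFF, 0xC4, 0x00, 0x13, 0x00,
    0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xFF, 0xD9 };
/* Constructed sample 3: APP0 segment claiming 16 bytes with only 4 present. */
static const uint8_t sample_truncated[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46 };

int main(void)
{
    printf("ok           -> %d\n", jpeg_precheck(sample_ok, sizeof sample_ok));
    printf("dht overflow -> %d\n", jpeg_precheck(sample_dht_overflow, sizeof sample_dht_overflow));
    printf("truncated    -> %d\n", jpeg_precheck(sample_truncated, sizeof sample_truncated));
    return 0;
}
```

A filter like this rejects the malformed-length and oversized-table shapes behind the build_huffcodes and segment-parsing entries, but it is a cheap gate in front of the real fix, not a replacement for it: it does not validate SOF component counts or sampling factors (the territory of setup_imginfo_jpg), and it cannot see bugs on the re-encoding side such as write_ujpg. Patch Lepton, and run it as an unprivileged, resource-limited process so that a crash on one image stays a single failed job rather than a pipeline outage.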