Description

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

Remediation

References

CVE-2012-3443

Related Vulnerabilities

Microsoft SQL Server CVE-2023-32026 Vulnerability (CVE-2023-32026)

Internet Information Services CVE-2002-1790 Vulnerability (CVE-2002-1790)

WordPress Plugin VDZ CallBack Cross-Site Scripting (1.14.5)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Request Forgery (1.18.0)

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966)

Severity

Medium

Classification

CVE-2012-3443 CWE-20

Tags

Missing Update Known Vulnerabilities