Description
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
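The failure mode described above is validation that decodes the whole image before deciding whether to accept it. The following is an added example, not Django's code and not the fix Django shipped: it reads only the 33-byte PNG header and enforces a pixel budget before any decoder sees the pixel data. The function names, the `ImageRejected` exception and the `MAX_PIXELS` limit are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
HEADER_LEN = 33            # 8 signature + 4 length + 4 type + 13 IHDR + 4 CRC
MAX_PIXELS = 20_000_000    # assumed policy limit, not a Django setting


class ImageRejected(ValueError):
    """Raised when an upload fails the header pre-check (hypothetical name)."""


def png_declared_size(head):
    """Return (width, height) from IHDR without touching compressed IDAT data."""
    if len(head) < HEADER_LEN or head[:8] != PNG_SIGNATURE:
        raise ImageRejected("not a PNG or header truncated")
    length, ctype = struct.unpack(">I4s", head[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ImageRejected("first chunk is not a 13-byte IHDR")
    ihdr = head[16:29]
    (crc,) = struct.unpack(">I", head[29:33])
    if zlib.crc32(b"IHDR" + ihdr) != crc:   # CRC covers chunk type + data
        raise ImageRejected("IHDR CRC mismatch")
    width, height = struct.unpack(">II", ihdr[:8])
    if width == 0 or height == 0:
        raise ImageRejected("zero dimension")
    return width, height


def check_upload(stream, max_pixels=MAX_PIXELS):
    """Read only the header of an upload and enforce the pixel budget."""
    width, height = png_declared_size(stream.read(HEADER_LEN))
    if width * height > max_pixels:
        raise ImageRejected(f"{width}x{height} exceeds {max_pixels} pixels")
    stream.seek(0)  # rewind so a later decoder sees the whole file
    return width, height


def make_png_header(width, height):
    """Constructed sample input: signature plus IHDR only (8-bit RGB)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr)
    return (PNG_SIGNATURE + struct.pack(">I4s", 13, b"IHDR")
            + ihdr + struct.pack(">I", crc))
```

The declared dimensions bound the decoded buffer size, so the memory cost is known after 33 bytes of I/O. This covers PNG only; other formats need their own header parser or a decoder that enforces the same limit.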
Remediation
References
Related Vulnerabilities
Microsoft SQL Server CVE-2023-32026 Vulnerability (CVE-2023-32026)
Internet Information Services CVE-2002-1790 Vulnerability (CVE-2002-1790)
WordPress Plugin VDZ CallBack Cross-Site Scripting (1.14.5)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Request Forgery (1.18.0)
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966)