Description

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Remediation

References

CVE-2012-3444

Related Vulnerabilities

Oracle Application Server CVE-2008-0349 Vulnerability (CVE-2008-0349)

WordPress Plugin Watu Quiz Unspecified Vulnerability (2.6)

PHP Other Vulnerability (CVE-2005-3391)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7298)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42047)

Severity

Medium

Classification

CVE-2012-3444 CWE-119

Tags

Missing Update Known Vulnerabilities