CVE-2011-2772

Mahara < 1.4.1 - Denial of Service via Invalid Image Upload

Title source: llm
STIX 2.1

Description

The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.

References (5)

Core 5
Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/mahara/+bug/784978
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2334
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46719

Scores

EPSS 0.0227
EPSS Percentile 81.0%

Details

CWE
CWE-20
Status published
Products (33)
mahara/mahara 0.9.0
mahara/mahara 0.9.1
mahara/mahara 0.9.2
mahara/mahara 1.0.0
mahara/mahara 1.0.1
mahara/mahara 1.0.2
mahara/mahara 1.0.3
mahara/mahara 1.0.4
mahara/mahara 1.0.5
mahara/mahara 1.0.6
... and 23 more
Published Nov 15, 2011
Tracked Since Feb 18, 2026