CVE-2011-2772
Mahara < 1.4.1 - Denial of Service via Invalid Image Upload
Title source: llmDescription
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz
Patch x_refsource_confirm
https://launchpad.net/mahara/+milestone/1.4.1
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/mahara/+bug/784978
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2334
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46719
Scores
EPSS
0.0227
EPSS Percentile
81.0%
Details
CWE
CWE-20
Status
published
Products (33)
mahara/mahara
0.9.0
mahara/mahara
0.9.1
mahara/mahara
0.9.2
mahara/mahara
1.0.0
mahara/mahara
1.0.1
mahara/mahara
1.0.2
mahara/mahara
1.0.3
mahara/mahara
1.0.4
mahara/mahara
1.0.5
mahara/mahara
1.0.6
... and 23 more
Published
Nov 15, 2011
Tracked Since
Feb 18, 2026