CVE-2012-3443
Django < 1.3.2 and 1.4.x < 1.4.1 - Denial of Service via ImageField Decompression
Title source: llmDescription
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/31/1
Patch, Vendor Advisory x_refsource_confirm
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1560-1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/31/2
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2529
Scores
EPSS
0.0264
EPSS Percentile
83.8%
Details
CWE
CWE-20
Status
published
Products (20)
djangoproject/django
0.95
djangoproject/django
0.96
djangoproject/django
1.0 (5 CPE variants)
djangoproject/django
1.0.1
djangoproject/django
1.0.2
djangoproject/django
1.1 (4 CPE variants)
djangoproject/django
1.1.2
djangoproject/django
1.1.3
djangoproject/django
1.1.4
djangoproject/django
1.2 (3 CPE variants)
... and 10 more
Published
Jul 31, 2012
Tracked Since
Feb 18, 2026