Skip to content

Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Mar 7, 2024

Package

pip Django (pip)

Affected versions

< 1.3.2
>= 1.4, < 1.4.1

Patched versions

1.3.2
1.4.1

Description

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

References

Published by the National Vulnerability Database Jul 31, 2012
Published to the GitHub Advisory Database May 17, 2022
Reviewed Apr 21, 2023
Last updated Mar 7, 2024

Severity

Moderate

EPSS score

2.005%
(89th percentile)

Weaknesses

CVE ID

CVE-2012-3444

GHSA ID

GHSA-5h2q-4hrp-v9rr

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.