Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2012-3444
Last Modified 10 Apr 2013 11:29:59
Published 31 Jul 2012 01:55:04
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3444

Summary

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Vulnerable Systems

Application

  • Djangoproject Django 0.95
  • Djangoproject Django 0.96
  • Djangoproject Django 1.0
  • Djangoproject Django 1.0.1
  • Djangoproject Django 1.0.2
  • Djangoproject Django 1.1
  • Djangoproject Django 1.1.2
  • Djangoproject Django 1.1.3
  • Djangoproject Django 1.1.4
  • Djangoproject Django 1.2
  • Djangoproject Django 1.2-alpha1
  • Djangoproject Django 1.2.2
  • Djangoproject Django 1.2.4
  • Djangoproject Django 1.2.5
  • Djangoproject Django 1.2.6
  • Djangoproject Django 1.2.7
  • Djangoproject Django 1.3
  • Djangoproject Django 1.4

References

CONFIRM - https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/

MLIST - [oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues

MLIST - [oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues

UBUNTU - USN-1560-1

DEBIAN - DSA-2529

MANDRIVA - MDVSA-2012:143


Last Updated: 27 May 2016 10:55:01