Description

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

Remediation

References

CVE-2012-3443

Related Vulnerabilities

WordPress Plugin Listing, Classified Ads & Business Directory-uListing Multiple Vulnerabilities (1.6.6)

Drupal Core 8.7.x Security Bypass (8.7.0 - 8.7.10)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Security Bypass (4.16)

WordPress Incorrect Authorization Vulnerability (CVE-2018-20147)

WordPress Plugin Code Insert Manager (Q2W3 Inc Manager) ZeroClipboard Cross-Site Scripting (2.3.1)

Severity

Medium

Classification

CVE-2012-3443 CWE-20

Tags

Missing Update Known Vulnerabilities