Description
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.
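The cost of the constant chunk size described above can be seen in a small model. This is an added example, not Django's or PIL's code. `StubParser`, `probe` and `compare` are hypothetical names, and the parser is assumed to re-examine its whole buffer on every feed and to yield dimensions only once `header_end` bytes have arrived. The doubling read size is shown as one possible alternative to the constant one.

```python
import io


class StubParser:
    """Stand-in for an incremental image parser (assumption, not PIL):
    buffers all input, re-examines the full buffer on every feed, and
    reports a size only once `header_end` bytes are available."""

    def __init__(self, header_end):
        self.header_end = header_end
        self.buf = bytearray()
        self.attempts = 0        # number of parse attempts made
        self.bytes_scanned = 0   # total bytes re-examined across attempts
        self.size = None

    def feed(self, data):
        self.buf += data
        self.attempts += 1
        self.bytes_scanned += len(self.buf)
        if len(self.buf) >= self.header_end:
            self.size = (640, 480)  # constructed dimensions


def probe(stream, parser, grow):
    """Read-until-dimensions loop; grow=False keeps the chunk size constant."""
    chunk_size = 1024
    while True:
        data = stream.read(chunk_size)
        if not data:
            return None
        parser.feed(data)
        if parser.size:
            return parser.size
        if grow:
            chunk_size *= 2  # assumed alternative: double the read each round


def compare(file_len):
    """Return {strategy: (attempts, bytes_scanned)} for a constructed file
    whose dimensions are only recoverable once the whole file is buffered."""
    results = {}
    for name, grow in (("constant", False), ("doubling", True)):
        parser = StubParser(header_end=file_len)
        probe(io.BytesIO(bytes(file_len)), parser, grow)
        results[name] = (parser.attempts, parser.bytes_scanned)
    return results


if __name__ == "__main__":
    for name, (attempts, scanned) in compare(1024 * 1024).items():
        print(f"{name:9s} attempts={attempts:5d} bytes_scanned={scanned}")
```

With a constant chunk the number of parse attempts grows linearly with file size and the re-examined bytes grow quadratically, which is the per-request work that ties up a process or thread.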
Remediation
References