CVE-2012-3444: Improper Restriction of Operations within the Bounds of a Memory Buffer in Django

Severity
5.0 MEDIUM (NVD)
EPSS
1.2%
top 21.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 31
Latest update: May 17

Description

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Ecosystem | Package | Affected | Fixed in | More
PyPI | djangoproject/django | 1.4 | 1.4.1 | +1

Patches

🔴 Vulnerability Details (4)

GHSA: Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer (2022-05-17)
OSV: Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer (2022-05-17)
OSV: CVE-2012-3444: The get_image_dimensions function in the image-handling functionality in Django before 1 (2012-07-31)
CVEList: CVE-2012-3444: The get_image_dimensions function in the image-handling functionality in Django before 1 (2012-07-31)

📋 Vendor Advisories (2)

Ubuntu: Django vulnerabilities (2012-09-10)
Debian: CVE-2012-3444: python-django - The get_image_dimensions function in the image-handling functionality in Django ... (2012)

💬 Community (3)

Bugzilla: CVE-2012-3444 Django: 1.3.1 and 1.4.0 Denial-of-service via get_image_dimensions() [fedora-all] (2012-07-31)
Bugzilla: CVE-2012-3444 Django: 1.3.1 and 1.4.0 Denial-of-service via get_image_dimensions() [epel-all] (2012-07-31)
Bugzilla: CVE-2012-3444 Django: 1.3.1 and 1.4.0 Denial-of-service via get_image_dimensions() (2012-07-31)
CVE-2012-3444 — Djangoproject Django vulnerability | cvebase