CVE-2012-3443 (retired)

Priority
Description
The django.forms.ImageField class in the form system in Django before 1.3.2
and 1.4.x before 1.4.1 completely decompresses image data during image
validation, which allows remote attackers to cause a denial of service
(memory consumption) by uploading an image file.
Notes
 mdeslaur> possible regression, see LP: #1031733
Package
Upstream:released (1.3.2,1.4.1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (1.4.1-1)
Patches:
Vendor:http://www.debian.org/security/2012/dsa-2529
Upstream:https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
More Information

Updated: 2019-03-26 12:02:59 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)