CVE-2012-3444 (retired)

Priority
Description
The get_image_dimensions function in the image-handling functionality in
Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in
all attempts to determine dimensions, which allows remote attackers to
cause a denial of service (process or thread consumption) via a large TIFF
image.
Notes
 mdeslaur> possible regression, see LP: #1031733
Package
Upstream: released (1.3.2, 1.4.1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1.4.1-1)
Patches:
Vendor: http://www.debian.org/security/2012/dsa-2529
Upstream: https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446

Updated: 2019-03-26 12:03:00 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)