CVE-2012-3443

EPSS 1.38%
Published 31.07.2012 17:55:04
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Djangoproject ≫ Django Version <= 1.3

Djangoproject ≫ Django Version0.95

Djangoproject ≫ Django Version0.96

Djangoproject ≫ Django Version1.0

Djangoproject ≫ Django Version1.0 Updatealpha1

Djangoproject ≫ Django Version1.0 Updatealpha2

Djangoproject ≫ Django Version1.0 Updatebeta

Djangoproject ≫ Django Version1.0 Updatebeta2

Djangoproject ≫ Django Version1.0.1

Djangoproject ≫ Django Version1.0.2

Djangoproject ≫ Django Version1.1

Djangoproject ≫ Django Version1.1 Updatealpha1

Djangoproject ≫ Django Version1.1 Updatebeta1

Djangoproject ≫ Django Version1.1 Updaterc1

Djangoproject ≫ Django Version1.1.2

Djangoproject ≫ Django Version1.1.3

Djangoproject ≫ Django Version1.1.4

Djangoproject ≫ Django Version1.2

Djangoproject ≫ Django Version1.2 Updatebeta1

Djangoproject ≫ Django Version1.2 Updaterc1

Djangoproject ≫ Django Version1.2-alpha1

Djangoproject ≫ Django Version1.2.2

Djangoproject ≫ Django Version1.2.4

Djangoproject ≫ Django Version1.2.5

Djangoproject ≫ Django Version1.2.6

Djangoproject ≫ Django Version1.2.7

Djangoproject ≫ Django Version1.3 Updatealpha1

Djangoproject ≫ Django Version1.3 Updatebeta1

Djangoproject ≫ Django Version1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.38%	0.785

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2012/dsa-2529

http://www.mandriva.com/security/advisories?name=MDVSA-2012:143

http://www.openwall.com/lists/oss-security/2012/07/31/1

http://www.openwall.com/lists/oss-security/2012/07/31/2

http://www.ubuntu.com/usn/USN-1560-1

https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-3443

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3443

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3443

EUVD