Описание
Django Image Field Vulnerable to Image Decompression Bombs
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-3443
- https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
- https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-3.yaml
- https://www.debian.org/security/2012/dsa-2529
- https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
- https://www.mandriva.com/security/advisories?name=MDVSA-2012:143
- https://www.openwall.com/lists/oss-security/2012/07/31/1
- https://www.openwall.com/lists/oss-security/2012/07/31/2
- https://www.ubuntu.com/usn/USN-1560-1
- http://www.debian.org/security/2012/dsa-2529
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
- http://www.openwall.com/lists/oss-security/2012/07/31/1
- http://www.openwall.com/lists/oss-security/2012/07/31/2
- http://www.ubuntu.com/usn/USN-1560-1
Пакеты
Django
< 1.3.2
1.3.2
Django
>= 1.4, < 1.4.1
1.4.1
Связанные уязвимости
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
The django.forms.ImageField class in the form system in Django before ...