Lucene search
HistoryJul 31, 2012 - 5:55 p.m.
CVE-2012-3443
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.021 Low
EPSS
Percentile
89.1%
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
Affected configurations
Node
djangoprojectdjangoRangeβ€1.3
ORdjangoprojectdjangoMatch0.95
ORdjangoprojectdjangoMatch0.96
ORdjangoprojectdjangoMatch1.0
ORdjangoprojectdjangoMatch1.0alpha1
ORdjangoprojectdjangoMatch1.0alpha2
ORdjangoprojectdjangoMatch1.0beta
ORdjangoprojectdjangoMatch1.0beta2
ORdjangoprojectdjangoMatch1.0.1
ORdjangoprojectdjangoMatch1.0.2
ORdjangoprojectdjangoMatch1.1
ORdjangoprojectdjangoMatch1.1alpha1
ORdjangoprojectdjangoMatch1.1beta1
ORdjangoprojectdjangoMatch1.1rc1
ORdjangoprojectdjangoMatch1.1.2
ORdjangoprojectdjangoMatch1.1.3
ORdjangoprojectdjangoMatch1.1.4
ORdjangoprojectdjangoMatch1.2
ORdjangoprojectdjangoMatch1.2beta1
ORdjangoprojectdjangoMatch1.2rc1
ORdjangoprojectdjangoMatch1.2-alpha1
ORdjangoprojectdjangoMatch1.2.2
ORdjangoprojectdjangoMatch1.2.4
ORdjangoprojectdjangoMatch1.2.5
ORdjangoprojectdjangoMatch1.2.6
ORdjangoprojectdjangoMatch1.2.7
ORdjangoprojectdjangoMatch1.3alpha1
ORdjangoprojectdjangoMatch1.3beta1
ORdjangoprojectdjangoMatch1.4
Related
debiancve
debiancve
CVE-2012-3443
2012-07-31 17:55:04
prion
prion
Design/Logic Flaw
2012-07-31 17:55:00
gitlab
gitlab
Improper Input Validation
2022-05-17 00:00:00
osv
osv
PYSEC-2012-3
2012-07-31 17:55:00
Django Image Field Vulnerable to Image Decompression Bombs
2022-05-17 05:12:01
python-django - several
2012-08-14 00:00:00
cvelist
cvelist
CVE-2012-3443
2012-07-31 17:00:00
cve
cve
CVE-2012-3443
2012-07-31 17:55:04
ubuntucve
ubuntucve
CVE-2012-3443
2012-07-31 00:00:00
github
github
Django Image Field Vulnerable to Image Decompression Bombs
2022-05-17 05:12:01
nessus
nessus
FreeBSD : django -- multiple vulnerabilities (f01292a0-db3c-11e1-a84b-00e0814cab4e)
2012-08-01 00:00:00
Fedora 16 : Django-1.3.2-1.fc16 (2012-11416)
2012-08-13 00:00:00
openvas
openvas
Fedora Update for Django FEDORA-2012-20224
2012-12-26 00:00:00
FreeBSD Ports: py26-django, py27-django
2012-08-10 00:00:00
Fedora Update for Django FEDORA-2012-11416
2012-08-14 00:00:00
seebug
seebug
Djangoθ·¨η«θζ¬ζ§θ‘εδΈ€δΈͺζη»ζε‘ζΌζ΄
2012-08-03 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2012-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: Django-1.4.1-1.fc17
2012-08-10 22:27:19
[SECURITY] Fedora 16 Update: Django-1.3.2-1.fc16
2012-08-10 22:34:03
[SECURITY] Fedora 17 Update: Django-1.4.3-1.fc17
2012-12-20 03:20:48
debian
debian
[SECURITY] [DSA 2529-1] python-django security update
2012-08-14 20:05:21
securityvulns
securityvulns
[ MDVSA-2012:143 ] python-django
2012-09-03 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2012-07-30 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.021 Low
EPSS
Percentile
89.1%
Related for NVD:CVE-2012-3443