Launchpad.net

CVE 2012-3444

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Related bugs and status

CVE-2012-3444 (Candidate) is related to these bugs:

Bug #1031733: Django security update 1.3.2

		In	Importance	Status
1031733	Django security update 1.3.2	python-django (Ubuntu)	Undecided	Fix Released
1031733	Django security update 1.3.2	python-django (Ubuntu Natty)	Undecided	Fix Released
1031733	Django security update 1.3.2	python-django (Ubuntu Oneiric)	Undecided	Fix Released
1031733	Django security update 1.3.2	python-django (Ubuntu Precise)	High	Fix Released
1031733	Django security update 1.3.2	python-django (Ubuntu Quantal)	Undecided	Fix Released
1031733	Django security update 1.3.2	python-django (Ubuntu Lucid)	Undecided	Fix Released

Bug #1042913: Upstream security bug fix missing

Summary				In	Importance	Status
	1042913	Upstream security bug fix missing		python-django (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3444

Related bugs and status

Related bugs

References