CVE-2012-3443

Publication date 31 July 2012

Last updated 24 July 2024

Ubuntu priority

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	12.04 LTS precise	Fixed 1.3.1-4ubuntu1.2
	11.10 oneiric	Fixed 1.3-2ubuntu1.3
	11.04 natty	Fixed 1.2.5-1ubuntu1.2
	10.04 LTS lucid	Fixed 1.1.1-2ubuntu1.5
	8.04 LTS hardy	Ignored

Notes

mdeslaur

possible regression, see LP: #1031733

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
python-django	Vendor: http://www.debian.org/security/2012/dsa-2529 Upstream: 9ca0ff6

References

Related Ubuntu Security Notices (USN)