VYPR
High severityNVD Advisory· Published Jul 31, 2012· Updated Jun 16, 2026

CVE-2012-3444

CVE-2012-3444

Description

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
< 1.3.21.3.2
DjangoPyPI
>= 1.4, < 1.4.11.4.1

Affected products

30
  • cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*range: <=1.3
    • cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2-alpha1:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.3.2

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.