Django · Django · CVE-2012-3444
**Name of the Vulnerable Software and Affected Versions**
Django versions 1.3.x through 1.3.2
Django versions 1.4.x through 1.4.1
**Description**
The issue allows remote attackers to cause a denial of service, specifically process or thread consumption, via a large TIFF image. This is because the `get_image_dimensions` function uses a constant chunk size in all attempts to determine dimensions.
**Recommendations**
For Django versions 1.3.x through 1.3.2, update to version 1.3.2 or later.
For Django versions 1.4.x through 1.4.1, update to version 1.4.1 or later.
As a temporary workaround, consider restricting the upload of large TIFF images to minimize the risk of exploitation.
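One way to apply the temporary workaround before any image parsing runs, as an added example that is not part of the original advisory or of Django's code: it recognizes TIFF uploads by file signature rather than by filename or Content-Type, and rejects those above a size limit. The names `check_upload` and `MAX_TIFF_BYTES`, the 2 MiB limit and the sample byte strings are assumptions constructed for illustration.

```python
import io
import os

# Assumed limit for illustration; set it to what the application really needs.
MAX_TIFF_BYTES = 2 * 1024 * 1024

# TIFF signatures: byte-order mark ("II" little-endian, "MM" big-endian)
# followed by magic number 42 (classic TIFF) or 43 (BigTIFF).
TIFF_SIGNATURES = (b"II\x2a\x00", b"MM\x00\x2a", b"II\x2b\x00", b"MM\x00\x2b")


def is_tiff(stream):
    """Return True if the stream starts with a TIFF signature."""
    pos = stream.tell()
    try:
        stream.seek(0)
        return stream.read(4) in TIFF_SIGNATURES
    finally:
        stream.seek(pos)  # leave the stream where the caller had it


def stream_size(stream):
    """Return the total size in bytes without reading the content."""
    pos = stream.tell()
    try:
        stream.seek(0, os.SEEK_END)
        return stream.tell()
    finally:
        stream.seek(pos)


def check_upload(stream, max_tiff_bytes=MAX_TIFF_BYTES):
    """Return (allowed, reason). Call this before any dimension parsing."""
    if not is_tiff(stream):
        return True, "not a TIFF"
    size = stream_size(stream)
    if size > max_tiff_bytes:
        return False, "TIFF of %d bytes exceeds limit of %d" % (size, max_tiff_bytes)
    return True, "TIFF within limit"


# Constructed sample inputs (headers only, not valid images).
SAMPLE_SMALL_TIFF = b"II\x2a\x00" + b"\x00" * 100
SAMPLE_LARGE_TIFF = b"MM\x00\x2a" + b"\x00" * MAX_TIFF_BYTES
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 100

if __name__ == "__main__":
    for name in ("SAMPLE_SMALL_TIFF", "SAMPLE_LARGE_TIFF", "SAMPLE_PNG"):
        print(name, check_upload(io.BytesIO(globals()[name])))
```

The check only narrows exposure on unpatched installations; it is not a substitute for the update.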