CVE-2012-3444

Name of the Vulnerable Software and Affected Versions Django versions 1.3.x through 1.3.2 Django versions 1.4.x through 1.4.1

Description The issue allows remote attackers to cause a denial of service, specifically process or thread consumption, via a large TIFF image. This is due to the get image dimensions function using a constant chunk size in all attempts to determine dimensions.

Recommendations For Django versions 1.3.x through 1.3.2, update to version 1.3.2 or later. For Django versions 1.4.x through 1.4.1, update to version 1.4.1 or later. As a temporary workaround, consider restricting the upload of large TIFF images to minimize the risk of exploitation.