{"id":"PYSEC-2012-4","details":"The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.","aliases":["CVE-2012-3444","GHSA-5h2q-4hrp-v9rr"],"modified":"2026-06-10T17:00:59.123761359Z","published":"2012-07-31T17:55:00Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/07/31/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/07/31/2"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1560-1"},{"type":"ADVISORY","url":"http://www.debian.org/security/2012/dsa-2529"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:143"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-5h2q-4hrp-v9rr"}],"affected":[{"package":{"name":"django","ecosystem":"PyPI","purl":"pkg:pypi/django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2"},{"introduced":"1.4"},{"fixed":"1.4.1"}]}],"versions":["1.0.1","1.0.2","1.0.3","1.0.4","1.1","1.1.1","1.1.2","1.1.3","1.1.4","1.2","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.3","1.3.1","1.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2012-4.yaml"}}],"schema_version":"1.7.5"}