CVE-2011-2772

Published: Nov 15, 2011

Modified: Sep 17, 2024

PUBLISHED

Description

The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz

x_refsource_CONFIRM

https://launchpad.net/mahara/+milestone/1.4.1

x_refsource_CONFIRM

https://bugs.launchpad.net/mahara/+bug/784978

x_refsource_CONFIRM

DSA-2334

vendor-advisory

x_refsource_DEBIAN

46719

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-2772

Description

Affected Products

References