A vulnerability was found in Drupal 6.x-1.0/7.x-1.0 (Content Management System). It has been classified as problematic. This affects an unknown code of the component Image Resize Filter Module. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability.

The weakness was published 02/12/2014 by Dave Hansen-Lange as SA-CONTRIB-2014-017 as confirmed advisory (Website). The advisory is shared at drupal.org. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.

Upgrading eliminates this vulnerability. The upgrade is hosted for download at drupal.org. The advisory contains the following remark:

(...) upgrade to Image Resize Filter 6.x-1.14 (...) for Drupal 7.x, upgrade to Image Resize Filter 7.x-1.14.

The vulnerability is also documented in the databases at X-Force (91155) and SecurityFocus (BID 65535†). Similar entries are available at VDB-12347, VDB-12346, VDB-12344 and VDB-12343. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Content Management System

Name

• Drupal

Version

• 6.x-1.0
• 7.x-1.0

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion