Opensource Socialnetwork
Monthly
Resource exhaustion in Open Source Social Network (OSSN) versions prior to 9.0 allows remote unauthenticated attackers to trigger Denial of Service by uploading specially crafted images with extreme pixel dimensions (e.g., 10000×10000). While the compressed file size appears small, server-side decompression and resizing allocates excessive memory and CPU, crashing or degrading service. EPSS exploitation probability data not available, but the attack vector is straightforward (AV:N/AC:L/PR:N) with publicly documented technical details and fix commit available on GitHub. CVSS 8.2 reflects the easy remote exploitation path despite limited confidentiality impact.
Resource exhaustion in Open Source Social Network (OSSN) versions prior to 9.0 allows remote unauthenticated attackers to trigger Denial of Service by uploading specially crafted images with extreme pixel dimensions (e.g., 10000×10000). While the compressed file size appears small, server-side decompression and resizing allocates excessive memory and CPU, crashing or degrading service. EPSS exploitation probability data not available, but the attack vector is straightforward (AV:N/AC:L/PR:N) with publicly documented technical details and fix commit available on GitHub. CVSS 8.2 reflects the easy remote exploitation path despite limited confidentiality impact.