Description
Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While the compressed file size on disk may be small, the server attempts to allocate significant memory and CPU cycles during the decompression and resizing process, leading to a Denial of Service (DoS) condition. It is highly recommended to upgrade to OSSN 9.0. This version introduces stricter validation of image dimensions and improved resource management during the processing phase. Those who cannot upgrade immediately can mitigate the risk by adjusting their `php.ini` settings to strictly limit `memory_limit` and `max_execution_time` and/or implementing a client-side and server-side check on image headers to reject files exceeding reasonable pixel dimensions (e.g., $4000 \times 4000$ pixels) before processing begins.
Published: 2026-04-24
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via resource exhaustion
Action: Immediate Upgrade
AI Analysis

Impact

The vulnerability exists in the image handling component of the Open Source Social Network, where a specially crafted image file with extremely large pixel dimensions can trigger the server to allocate excessive memory and CPU resources during decompression and resizing. The resulting denial of service can affect the availability of the application and any users interacting with it. This weakness is a classic uncontrolled resource consumption problem (CWE-400) coupled with the allocation of resources without limits (CWE-770).

Affected Systems

Users running Open Source Social Network versions earlier than 9.0 are affected, regardless of the environment, as the unpatched image processing routine is invoked during normal upload workflows. The vendor is Opensource-Socialnetwork, and the product name is Open Source Social Network.

Risk and Exploitability

With a CVSS score of 8.2, the vulnerability is considered high severity, and the EPSS score of less than 1% indicates that while exploitation is technically feasible, it is unlikely to be widely automated at this time. The vulnerability is not listed in the CISA KEV catalog, which suggests no widespread, documented exploitation yet. An attacker can exploit it by uploading a malicious image through the web interface, and the attack requires only the ability to submit a file—no special privileges are needed on the target server.

Generated by OpenCVE AI on April 28, 2026 at 07:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Open Source Social Network 9.0, which implements strict pixel-dimension validation and improved resource limiting
  • If an upgrade is not immediately feasible, restrict PHP's memory_limit and max_execution_time settings to values that constrain the peak memory usage and script run time
  • Add server-side validation of image headers to reject files with dimensions exceeding a safe threshold (e.g., 4000×4000 pixels) and, if possible, enforce similar checks on the client side to avoid unnecessary upload traffic
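One way to implement the header check from the last two items, as an added example in PHP (not OSSN's own code): it reads the dimensions with getimagesize(), which parses only the file header rather than decoding the bitmap, and compares the memory GD would need for the decoded image against the process's memory_limit. The 4000×4000 cap, the helper names and the 4-bytes-per-pixel estimate are assumptions.

```php
<?php
// Added example, not OSSN project code: screen an upload from its header
// before any imagecreatefrom*() / imagescale() call allocates the bitmap.
// MAX_* values are assumptions (the advisory suggests 4000x4000 as a ceiling).
declare(strict_types=1);

const MAX_WIDTH  = 4000;
const MAX_HEIGHT = 4000;

// Parse php.ini shorthand ("128M", "1G", "-1" = unlimited) into bytes.
function ini_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '' || $value === '-1') {
        return PHP_INT_MAX;
    }
    $mult = ['K' => 1024, 'M' => 1024 ** 2, 'G' => 1024 ** 3];
    return (int) $value * ($mult[strtoupper(substr($value, -1))] ?? 1);
}

// GD holds a truecolor image at 4 bytes per pixel, so a 10000x10000 image
// needs ~400 MB of RAM however small the compressed file on disk is.
function estimated_decode_bytes(int $width, int $height): int
{
    return $width * $height * 4;
}

// Returns null when the file may be decoded, otherwise the rejection reason.
// getimagesize() reads only the header, so this check itself stays cheap.
function validate_image_upload(string $path): ?string
{
    $info = @getimagesize($path);
    if ($info === false) {
        return 'not a recognised image';
    }
    [$width, $height] = $info;
    if ($width > MAX_WIDTH || $height > MAX_HEIGHT) {
        return sprintf('%dx%d exceeds %dx%d', $width, $height, MAX_WIDTH, MAX_HEIGHT);
    }
    $limit  = ini_bytes((string) ini_get('memory_limit'));
    $needed = estimated_decode_bytes($width, $height) + memory_get_usage();
    if ($needed > $limit) {
        return sprintf('decode needs ~%d MB, over memory_limit', intdiv($needed, 1 << 20));
    }
    return null;
}
```

Call validate_image_upload() on the temporary upload path before imagecreatefromjpeg() or imagescale() and discard the file whenever it returns a reason, so the dimension cap is enforced even when memory_limit is generous.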


Tracking


Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:15:00 +0000

Type: First Time appeared
Values Added: Opensource-socialnetwork; Opensource-socialnetwork Open Source Social Network
Type: Vendors & Products
Values Added: Opensource-socialnetwork; Opensource-socialnetwork Open Source Social Network

Fri, 24 Apr 2026 19:15:00 +0000

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Apr 2026 02:45:00 +0000

Type: Description
Values Added: (text identical to the Description section at the top of this page)
Type: Title
Values Added: Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing
Type: Weaknesses
Values Added: CWE-400; CWE-770
Type: References
Type: Metrics
Values Added: cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T18:17:55.864Z

Reserved: 2026-04-20T14:01:46.670Z

Link: CVE-2026-41309

Vulnrichment

Updated: 2026-04-24T17:22:12.195Z

NVD

Status: Deferred

Published: 2026-04-24T03:16:11.720

Modified: 2026-04-29T20:56:50.103

Link: CVE-2026-41309

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T07:15:19Z

Weaknesses