The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*" ] }