Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
CVSS v2.0 Score
6.8 / 10.0 (MEDIUM)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Information
- Published: 17 Apr. 2012
- Updated: 11 Apr. 2025
- Status: Deferred
- Source: secalert@redhat.com
Affected products
f5 nginx
Versions : 1.0.14, 1.1.18
fedoraproject fedora
Versions : 15, 16, 17
Weaknesses (CWE)
CWE-120
References (16)
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html (Third Party Advisory)
- http://nginx.org/en/security_advisories.html (Patch, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/04/12/9 (Mailing List, Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/52999 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1026924 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74831 (Third Party Advisory, VDB Entry)
- + 1 more references on NVD