27 matches found
NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014284)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014284 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to th...
NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...
SUSE CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...
CVE-2026-32647 NGINX ngx_http_mp4_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...
CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...
CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...
K000160364: NGINX ngx_http_mp4_module vulnerability CVE-2026-27784
Security Advisory Description The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects...
PT-2026-27436
Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions affected versions not specified Description NGINX Open Source and NGINX Plus, when built with the ngx http mp4 module module and configured with the mp4 directive, are susceptible to a buffer over-read...
PT-2026-27431
Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified Description The 32-bit implementation of NGINX Open Source contains an issue within the ngx http mp4 module module. This can allow an attacker to read from or write to NGINX worker memory,...
nginx: Memory corruption in the ngx_http_mp4_module
A vulnerability was found in NGINX's module, ngxhttpmp4module. This flaw allows a local attacker to corrupt NGINX worker memory, resulting in its termination using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module when the mp4 directive is...
nginx: Memory disclosure in the ngx_http_mp4_module
A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...
nginx: Memory corruption in the ngx_http_mp4_module
A vulnerability was found in NGINX's module, ngxhttpmp4module. This flaw allows a local attacker to corrupt NGINX worker memory, resulting in its termination using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module when the mp4 directive is...
nginx: Memory corruption in the ngx_http_mp4_module
A vulnerability was found in NGINX's module, ngxhttpmp4module. This flaw allows a local attacker to corrupt NGINX worker memory, resulting in its termination using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module when the mp4 directive is...
OESA-2024-2065 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...
DEBIAN-CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
ALPINE-CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
UBUNTU-CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
Medium: nginx
Issue Overview: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memor...
SUSE CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...