nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...

ALSA-2026:7343 Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

CVE-2026-32647

Summary: NGINX Open Source and NGNIX Plus may be affected when built with the ngx_http_mp4_module and using the mp4 directive. The issue is a vulnerability in the module that can trigger a buffer over-read or over-write in the worker memory, potentially terminating the worker or enabling code exe...

Jiajia MP4 Format Converter is vulnerable to dll hijacking.

Jia Jia MP4 Format Converter is a professional MPEG4 format converter. The MPEG-4 encoder of Jia Jia MP4 Format Converter can help you convert various video formats to MPEG4/AVC video formats. Jiajia MP4 Format Converter suffers from a dll hijacking vulnerability, which can be exploited by an...

UBUNTU-CVE-2018-14589

An issue has been discovered in Bento4 1.5.1-624. AP4Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read...

Bento4 Ap4StszAtom.cpp file buffer overflow vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A buffer overflow vulnerability exists in the AP4StszAtom class of the Ap4StszAtom.cpp file of the SDK in Bento4 version 1.5.0-616. A remote attacker can exploit this vulnerability to cause a denial of service or execute...

Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2859-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2859-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening...

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...

Integer overflow in MP4 playback in 64-bit versions — Mozilla

Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an a erroneously-small buffer is allocated and then overrun, resulting in a potentially exploitable crash...