VDB

GCVE-VVD-MAGEIA-2024-286

GCVE-VVD-MAGEIA-2024-286
Advisory Published
Vulnetix · Advisory published September 10, 2024
CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageianginx0 (affected), 1.26.2-1.mga9 (unaffected)
AWSconfig

References

Nginx has been updated to the latest stable release to fix CVE
advisory
Nginx has been updated to the latest stable release to fix CVE
issue
Nginx has been updated to the latest stable release to fix CVE
issue
Nginx has been updated to the latest stable release to fix CVE
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›