CVE-2012-2089
published 2012-04-17CVE-2012-2089: Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nginx | < nginx 1.1.19-1 (bookworm) | nginx 1.1.19-1 (bookworm) |
| f5 | nginx | >= 0 < 1.1.19-1 | 1.1.19-1 |
| f5 | nginx | >= 0 < 1.1.19-1 | 1.1.19-1 |
| f5 | nginx | >= 0 < 1.1.19-1 | 1.1.19-1 |
| f5 | nginx | >= 0 < 1.1.19-1 | 1.1.19-1 |
| f5 | nginx | 1.0.7 – 1.0.14 | — |
| f5 | nginx | 1.1.3 – 1.1.18 | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM