Unrated severityNVD Advisory· Published Apr 17, 2012· Updated Apr 29, 2026
CVE-2012-2089
CVE-2012-2089
Description
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
Affected products
4cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- nginx.org/en/security_advisories.htmlnvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2012/04/12/9nvdMailing ListPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/52999nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/74831nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.