Unrated severity · NVD Advisory · Published Aug 14, 2024 · Updated Nov 3, 2025
NGINX MP4 module vulnerability
CVE-2024-7347
Description
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
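The description's two preconditions (module compiled in, `mp4` directive present) can be checked from `nginx -V` and `nginx -T` output. The sketch below is an added example, not code from NGINX or F5; the function names and sample inputs are constructed for illustration, and the version range is the one this page lists for `pkg:bitnami/nginx`.

```python
import re

# Range this page lists for upstream-versioned packages (pkg:bitnami/nginx).
# Distro builds backport fixes; compare those against their own listed ranges.
AFFECTED_MIN, FIXED_IN = (1, 5, 13), (1, 26, 2)

# Constructed sample inputs, shaped like `nginx -V` and `nginx -T` output.
SAMPLE_V = (
    "nginx version: nginx/1.24.0\n"
    "configure arguments: --prefix=/etc/nginx --with-http_ssl_module "
    "--with-http_mp4_module --with-threads\n"
)
SAMPLE_CONF = """
http {
    server {
        listen 80;
        # mp4;  (commented out, must not count)
        location /video/ {
            mp4;
            mp4_buffer_size 1m;
        }
    }
}
"""

def parse_version(v_output):
    m = re.search(r"nginx version: \S+?/(\d+)\.(\d+)\.(\d+)", v_output)
    return tuple(int(p) for p in m.groups()) if m else None

def module_built(v_output):
    # ngx_http_mp4_module is only compiled in when this configure flag is set.
    return re.search(r"--with-http_mp4_module\b", v_output) is not None

def mp4_directive_used(conf_dump):
    # Match the bare `mp4;` directive, not mp4_buffer_size or a ".mp4" path.
    for line in conf_dump.splitlines():
        line = line.split("#", 1)[0]  # naive comment strip (assumes no '#' in strings)
        if re.search(r"(?:^|[;{\s])mp4\s*;", line):
            return True
    return False

def assess(v_output, conf_dump):
    version = parse_version(v_output)
    result = {
        "version": version,
        "in_listed_range": version is not None and AFFECTED_MIN <= version < FIXED_IN,
        "module_built": module_built(v_output),
        "mp4_directive": mp4_directive_used(conf_dump),
    }
    result["exposed"] = all(result[k] for k in ("in_listed_range", "module_built", "mp4_directive"))
    return result
```

On a real host, pass in the captured text of `nginx -V 2>&1` (the version banner goes to stderr) and `nginx -T`.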
Affected products
- (no CPE)
- (no CPE), range: R4
- OSV package coordinates (25 packages):
  - pkg:bitnami/nginx, range: >= 1.5.13, < 1.26.2
  - pkg:bitnami/nginx-gateway, range: >= 1.5.13, < 1.26.2
  - pkg:rpm/almalinux/nginx, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-all-modules, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-core, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-filesystem, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-mod-devel, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-mod-http-image-filter, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-mod-http-perl, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-mod-http-xslt-filter, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-mod-mail, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/almalinux/nginx-mod-stream, range: < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1
  - pkg:rpm/opensuse/nginx&distro=openSUSE%20Leap%2015.6, range: < 1.21.5-150600.10.3.1
  - pkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweed, range: < 1.27.1-1.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 1.21.5-150600.10.3.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Manager%20Proxy%204.3, range: < 1.21.5-150400.3.6.1
  - pkg:rpm/suse/nginx&distro=SUSE%20Manager%20Server%204.3, range: < 1.21.5-150400.3.6.1
References
- my.f5.com/manage/s/article/K000140529 (mitre, vendor-advisory)