CVE-2024-7347

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-126
View all →

Vulnerability Description

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2024-30069

MEDIUM
CVSS:4.7(Medium)

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CWE-1262024

CVE-2024-30071

MEDIUM
CVSS:4.7(Medium)

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CWE-1262024

CVE-2019-11036

MEDIUM
CVSS:4.8(Medium)

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function....

CWE-1262019

CVE-2021-22563

MEDIUM
CVSS:4.4(Medium)

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines b...

CWE-1262021

CVE-2022-4432

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022