{"id":"MGASA-2024-0286","summary":"Nginx has been updated to the latest stable release to fix CVE","details":"CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in\nthe ngx_http_mp4_module, which might allow an attacker to over-read\nNGINX worker memory resulting in its termination, using a specially\ncrafted mp4 file. The issue only affects NGINX if it is built with the\nngx_http_mp4_module and the mp4 directive is used in the configuration\nfile. Additionally, the attack is possible only if an attacker can\ntrigger the processing of a specially crafted mp4 file with the\nngx_http_mp4_module. Note: Software versions which have reached End of\nTechnical Support (EoTS) are not evaluated.\n","modified":"2026-04-16T04:42:10.057789153Z","published":"2024-09-10T16:40:31Z","upstream":["CVE-2024-7347"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0286.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33509"},{"type":"WEB","url":"https://openwall.com/lists/oss-security/2024/08/14/4"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347"}],"affected":[{"package":{"name":"nginx","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nginx?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0286.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}