Maxim Dounin
[nginx-announce] security advisory
April 12, 2012 09:30AM

Matthew Daley discovered a security problem in the
ngx_http_mp4_module, CVE-2012-2089.

A specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module is
used, potentially resulting in arbitrary code execution.

The problem affects nginx 1.1.3+, 1.0.7+ built with the
ngx_http_mp4_module (the module is not built by default) and
the "mp4" directive is used in a configuration file.

The problem is fixed in 1.1.19, 1.0.15.

Patch for the problem can be found here:

Maxim Dounin

nginx-announce mailing list
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 79
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready