CVE-2012-2089
EPSS 5.3%
Description
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
How to fix CVE-2012-2089
To remediate CVE-2012-2089, upgrade the affected package to a fixed version below.
- Debian/nginx—upgrade to 1.1.19-1 or later
Is CVE-2012-2089 being exploited?
Moderate — EPSS is 5.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.1.19-1