CVE-2012-2089

Name of the Vulnerable Software and Affected Versions nginx versions 1.0.7 through 1.0.14 nginx versions 1.1.3 through 1.1.18

Description A buffer overflow in the ngx http mp4 module module, when the mp4 directive is used, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MP4 file. The issue is related to the ngx http mp4 module.c file.

Recommendations For versions 1.0.7 through 1.0.14, update to a version outside of this range to resolve the issue. For versions 1.1.3 through 1.1.18, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the mp4 directive until a patch is available.