Bug 2450785 (CVE-2026-27784) - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
Summary: CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via c...
Keywords:
Status: NEW
Alias: CVE-2026-27784
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2450840
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-24 15:02 UTC by OSIDB Bzimport
Modified: 2026-05-11 10:49 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:13634 0 None None None 2026-05-05 08:35:53 UTC
Red Hat Product Errata RHSA-2026:13680 0 None None None 2026-05-05 10:26:20 UTC
Red Hat Product Errata RHSA-2026:13839 0 None None None 2026-05-05 18:06:53 UTC
Red Hat Product Errata RHSA-2026:14836 0 None None None 2026-05-07 19:01:56 UTC
Red Hat Product Errata RHSA-2026:15942 0 None None None 2026-05-11 08:07:24 UTC
Red Hat Product Errata RHSA-2026:15943 0 None None None 2026-05-11 08:42:17 UTC
Red Hat Product Errata RHSA-2026:15945 0 None None None 2026-05-11 09:33:18 UTC
Red Hat Product Errata RHSA-2026:15966 0 None None None 2026-05-11 10:49:46 UTC
Red Hat Product Errata RHSA-2026:6906 0 None None None 2026-04-07 18:36:49 UTC
Red Hat Product Errata RHSA-2026:6907 0 None None None 2026-04-07 20:37:39 UTC
Red Hat Product Errata RHSA-2026:6923 0 None None None 2026-04-07 21:36:20 UTC
Red Hat Product Errata RHSA-2026:7002 0 None None None 2026-04-08 08:02:30 UTC
Red Hat Product Errata RHSA-2026:7343 0 None None None 2026-04-09 18:53:48 UTC

Description OSIDB Bzimport 2026-03-24 15:02:30 UTC 
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. 


Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Comment 2 errata-xmlrpc 2026-04-07 18:36:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:6906 https://access.redhat.com/errata/RHSA-2026:6906
Comment 3 errata-xmlrpc 2026-04-07 20:37:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:6907 https://access.redhat.com/errata/RHSA-2026:6907
Comment 4 errata-xmlrpc 2026-04-07 21:36:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:6923 https://access.redhat.com/errata/RHSA-2026:6923
Comment 5 errata-xmlrpc 2026-04-08 08:02:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7002 https://access.redhat.com/errata/RHSA-2026:7002
Comment 6 errata-xmlrpc 2026-04-09 18:53:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7343 https://access.redhat.com/errata/RHSA-2026:7343
Comment 11 errata-xmlrpc 2026-05-05 08:35:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:13634 https://access.redhat.com/errata/RHSA-2026:13634
Comment 12 errata-xmlrpc 2026-05-05 10:26:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:13680 https://access.redhat.com/errata/RHSA-2026:13680
Comment 13 errata-xmlrpc 2026-05-05 18:06:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:13839 https://access.redhat.com/errata/RHSA-2026:13839
Comment 14 errata-xmlrpc 2026-05-07 19:01:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:14836 https://access.redhat.com/errata/RHSA-2026:14836
Comment 15 errata-xmlrpc 2026-05-11 08:07:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:15942 https://access.redhat.com/errata/RHSA-2026:15942
Comment 16 errata-xmlrpc 2026-05-11 08:42:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:15943 https://access.redhat.com/errata/RHSA-2026:15943
Comment 17 errata-xmlrpc 2026-05-11 09:33:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:15945 https://access.redhat.com/errata/RHSA-2026:15945
Comment 18 errata-xmlrpc 2026-05-11 10:49:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:15966 https://access.redhat.com/errata/RHSA-2026:15966
Note You need to log in before you can comment on or make changes to this bug.