CVE-2024-7347

4.7 MEDIUM

📋 TL;DR

This vulnerability in NGINX's ngx_http_mp4_module lets an attacker cause an over-read of worker process memory and terminate the worker process by getting the server to process a specially crafted MP4 file (for example by uploading one). Only NGINX installations built with the mp4 module and using the mp4 directive in their configuration are affected. To exploit it, an attacker must be able to trigger processing of a malicious MP4 file.

💻 Affected Systems

Products:
  • NGINX Open Source
  • NGINX Plus
Versions: Builds with ngx_http_mp4_module enabled (specific affected versions are not detailed in the CVE entry)
Operating Systems: All platforms running affected NGINX versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if built with ngx_http_mp4_module AND mp4 directive is used in configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Denial of service causing NGINX worker process termination, potentially disrupting web services if multiple workers are affected

🟠 Likely Case: Targeted DoS attacks against specific NGINX instances serving MP4 content, causing service interruptions

🟢 If Mitigated: Minimal impact with proper input validation and monitoring in place

🌐 Internet-Facing: MEDIUM - Internet-facing NGINX servers with mp4 module enabled could be targeted for DoS
🏢 Internal Only: LOW - Internal systems with mp4 module enabled have lower exposure but could still be targeted

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires ability to upload/trigger processing of specially crafted MP4 files

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000140529

Restart Required: Yes

Instructions:

1. Check the NGINX version and configuration for mp4 module usage.
2. Apply vendor patches from official sources.
3. Restart the NGINX service.
4. Verify patch application and functionality.

🔧 Temporary Workarounds

Disable ngx_http_mp4_module

Remove or comment out mp4 directive in NGINX configuration files

# Edit nginx.conf and remove 'mp4;' directives
# Reload configuration: nginx -s reload

Restrict MP4 file uploads

Implement strict upload controls and validation for MP4 files; where serving MP4 content is not needed at all, the location block below rejects such requests outright

# Configure location blocks to restrict MP4 processing
location ~ \.mp4$ { deny all; }

🧯 If You Can't Patch

  • Disable mp4 module in NGINX configuration if not required
  • Implement WAF rules to block suspicious MP4 file uploads and processing attempts

🔍 How to Verify

Check if Vulnerable:

Check NGINX configuration for 'mp4;' directives and verify module is compiled: nginx -V 2>&1 | grep mp4

Check Version:

nginx -v

Verify Fix Applied:

Verify NGINX version after patching and confirm mp4 module is either disabled or patched
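The "Check if Vulnerable" test above, as an added example that is not part of this advisory card: a POSIX shell function that applies the page's two exposure conditions (module compiled in AND an active `mp4;` directive) to captured `nginx -V 2>&1` and `nginx -T` output. The build line and config snippets below are constructed samples; `--with-http_mp4_module`, `nginx -T` and `mp4_buffer_size` are standard NGINX names, the version string is a placeholder.

```shell
#!/bin/sh
# Added example, not from the advisory: apply this card's two exposure
# conditions (built with ngx_http_mp4_module AND an active `mp4;` directive)
# to captured `nginx -V 2>&1` and `nginx -T` output, so the check also runs
# offline against saved output or the constructed samples below.

# Prints one of: exposed, module-only, config-only, not-exposed
mp4_exposure() {
    build_info=$1    # text of: nginx -V 2>&1
    config_dump=$2   # text of: nginx -T (full effective configuration)

    has_module=0
    case "$build_info" in
        *--with-http_mp4_module*) has_module=1 ;;
    esac

    # Drop comments first so a commented-out `# mp4;` (this page's workaround)
    # is not counted; then match a bare `mp4;` directive, not `mp4_buffer_size`.
    has_directive=0
    if printf '%s\n' "$config_dump" | sed 's/#.*$//' \
        | grep -Eq '(^|[[:space:];{])mp4[[:space:]]*;'; then
        has_directive=1
    fi

    case "$has_module$has_directive" in
        11) echo exposed ;;      # patch, or remove the directive
        10) echo module-only ;;  # module compiled in but unused
        01) echo config-only ;;  # directive present but module absent
        *)  echo not-exposed ;;
    esac
}

# Constructed samples (placeholder version, not real server output).
SAMPLE_V='nginx version: nginx/X.Y.Z
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_mp4_module'
SAMPLE_CONF_ACTIVE='location ~ \.mp4$ {
    mp4;
    mp4_buffer_size 1m;
}'
SAMPLE_CONF_DISABLED='location ~ \.mp4$ {
    # mp4;    disabled as a workaround
    mp4_buffer_size 1m;
}'

echo "active directive:    $(mp4_exposure "$SAMPLE_V" "$SAMPLE_CONF_ACTIVE")"    # exposed
echo "commented directive: $(mp4_exposure "$SAMPLE_V" "$SAMPLE_CONF_DISABLED")"  # module-only
# Against a live host: mp4_exposure "$(nginx -V 2>&1)" "$(nginx -T 2>/dev/null)"
```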

📡 Detection & Monitoring

Log Indicators:

  • NGINX worker process crashes
  • Error logs showing memory access violations
  • Unusual MP4 file processing errors

Network Indicators:

  • Multiple failed MP4 file upload attempts
  • Unusual traffic patterns to MP4 endpoints

SIEM Query:

source="nginx" AND (("worker process" AND crash) OR ("mp4" AND error))
