CVE-2024-56515
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-56515 is a vulnerability affecting Matrix Media Repo (MMR), a media repository for Matrix. When SVG, JPEGXL, or MP4 thumbnailers are enabled, a user can upload a file claiming to be one of these types and trigger a different decoder in ImageMagick or ffmpeg, potentially leading to security issues. MMR has been updated to v1.3.8, which inspects file mimetypes before thumbnailing and selects a thumbnailer accordingly. Users unable to upgrade should disable the affected thumbnail types in the MMR config. Additionally, limiting uncommon file types on the server and using containers can help mitigate the risk. Some installations of ImageMagick and ffmpeg may already have certain file types disabled or offer limited decoders/codecs.
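The check described above, sketched as an added example in Go (not MMR's own code): the thumbnailer is chosen from the file's leading bytes, and the uploader's claimed type is used only in the error message. The function names, the simplified signatures, the MP4 brand list and the sample upload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

var jxlBox = []byte{0, 0, 0, 0x0C, 'J', 'X', 'L', ' ', 0x0D, 0x0A, 0x87, 0x0A}

// Constructed brand allowlist; other ISO BMFF brands (HEIC, AVIF) are not MP4.
var mp4Brands = map[string]bool{"isom": true, "iso2": true, "mp41": true, "mp42": true}

// sniff classifies content by its leading bytes, never by the uploader's claim.
// Simplified signatures for the three types in the advisory; "" means unknown.
func sniff(b []byte) string {
	head := b
	if len(head) > 512 {
		head = head[:512]
	}
	text := bytes.TrimSpace(bytes.TrimPrefix(head, []byte("\xEF\xBB\xBF")))
	switch {
	case bytes.HasPrefix(b, []byte{0xFF, 0x0A}), bytes.HasPrefix(b, jxlBox):
		return "image/jxl"
	case len(b) >= 12 && string(b[4:8]) == "ftyp" && mp4Brands[string(b[8:12])]:
		return "video/mp4"
	case bytes.HasPrefix(text, []byte("<")) && bytes.Contains(text, []byte("<svg")):
		return "image/svg+xml"
	}
	return ""
}

// selectThumbnailer returns the thumbnailer key for the sniffed type, or an
// error when the content is unrecognised or that thumbnailer is disabled.
func selectThumbnailer(claimed string, body []byte, enabled map[string]bool) (string, error) {
	actual := sniff(body)
	if actual == "" {
		return "", fmt.Errorf("claimed %q: content not recognised, no thumbnail", claimed)
	}
	if !enabled[actual] {
		return "", fmt.Errorf("claimed %q: sniffed %s, thumbnailer disabled", claimed, actual)
	}
	return actual, nil
}

func main() {
	enabled := map[string]bool{"image/svg+xml": true, "video/mp4": true}
	// Constructed sample: GIF bytes uploaded with an SVG content type.
	_, err := selectThumbnailer("image/svg+xml", []byte("GIF89a\x01\x00\x01\x00"), enabled)
	fmt.Println(err)
}
```

Leaving a type out of the `enabled` map corresponds to the workaround of disabling that thumbnail type: the file is stored but never handed to a decoder.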