diff --git a/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch b/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
new file mode 100644
index 0000000..13cfa31
--- /dev/null
+++ b/0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
@@ -0,0 +1,56 @@
+From b7e3c8bcfbee27061efdd40ffb3a8479a9bcd9c8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
+Date: Fri, 21 Mar 2025 04:12:14 +0100
+Subject: [PATCH] CVE-2024-7347: Buffer overread in the mp4 module
+
+---
+ src/http/modules/ngx_http_mp4_module.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
+index 0e93fbd..a6e3e80 100644
+--- a/src/http/modules/ngx_http_mp4_module.c
++++ b/src/http/modules/ngx_http_mp4_module.c
+@@ -2789,7 +2789,8 @@ static ngx_int_t
+ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
+     ngx_http_mp4_trak_t *trak, ngx_uint_t start)
+ {
+-    uint32_t               start_sample, chunk, samples, id, next_chunk, n,
++    uint64_t               n;
++    uint32_t               start_sample, chunk, samples, id, next_chunk,
+                            prev_samples;
+     ngx_buf_t             *data, *buf;
+     ngx_uint_t             entries, target_chunk, chunk_samples;
+@@ -2845,12 +2846,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
+ 
+         next_chunk = ngx_mp4_get_32value(entry->chunk);
+ 
++        if (next_chunk < chunk) {
++            ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                          "unordered mp4 stsc chunks in \"%s\"",
++                          mp4->file.name.data);
++            return NGX_ERROR;
++        }
++
+         ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
+                        "sample:%uD, chunk:%uD, chunks:%uD, "
+                        "samples:%uD, id:%uD",
+                        start_sample, chunk, next_chunk - chunk, samples, id);
+ 
+-        n = (next_chunk - chunk) * samples;
++        n = (uint64_t) (next_chunk - chunk) * samples;
+ 
+         if (start_sample < n) {
+             goto found;
+@@ -2872,7 +2880,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
+                    "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
+                    start_sample, chunk, next_chunk - chunk, samples);
+ 
+-    n = (next_chunk - chunk) * samples;
++    n = (uint64_t) (next_chunk - chunk) * samples;
+ 
+     if (start_sample > n) {
+         ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+-- 
+2.44.0
+
diff --git a/nginx.spec b/nginx.spec
index c6d179f..143c2ba 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -111,6 +111,9 @@ Patch11:           0011-SSL-use-of-the-SSL_OP_IGNORE_UNEXPECTED_EOF-option.patch
 #                - https://bugzilla.redhat.com/show_bug.cgi?id=2141495
 Patch12:           0012-CVE-2022-41741-and-CVE-2022-41742-fix.patch
 
+# upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=2304966
+Patch13:           0013-CVE-2024-7347-Buffer-overread-in-the-mp4-module.patch
+
 BuildRequires:     make
 BuildRequires:     gcc
 BuildRequires:     gnupg2
@@ -621,6 +624,8 @@ fi
 
 %changelog
 * Wed May 14 2025 Luboš Uhliarik <luhliari@redhat.com> - 2:1.20.1-24
+- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause
+  denial of service (CVE-2024-7347)
 - Resolves: RHEL-85556 - nginx: Memory disclosure in the
   ngx_http_mp4_module (CVE-2022-41742)
 - Resolves: RHEL-91446 - nginx: Memory corruption in the