CVE-2012-0823

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
webmprojectlibvpx
𝑥
≤ 0.9.7
webmprojectlibvpx
0.9.0
webmprojectlibvpx
0.9.1
webmprojectlibvpx
0.9.2
webmprojectlibvpx
0.9.5
webmprojectlibvpx
0.9.6
webmprojectlibvpx
0.9.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvpx
bullseye (security)
1.9.0-1+deb11u3
fixed
bullseye
1.9.0-1+deb11u3
fixed
squeeze
not-affected
bookworm
1.12.0-1+deb12u3
fixed
bookworm (security)
1.12.0-1+deb12u3
fixed
sid
1.14.1-1
fixed
trixie
1.14.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvpx
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
dne