CVE-2012-0823

EPSS 1.21%
Veröffentlicht 23.02.2012 20:07:32
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webmproject ≫ Libvpx Updatep1 Version <= 0.9.7

Webmproject ≫ Libvpx Version0.9.0

Webmproject ≫ Libvpx Version0.9.1

Webmproject ≫ Libvpx Version0.9.2

Webmproject ≫ Libvpx Version0.9.5

Webmproject ≫ Libvpx Version0.9.6

Webmproject ≫ Libvpx Version0.9.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.21%	0.771

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html

http://code.google.com/p/webm/source/browse/CHANGELOG?repo=libvpx

http://www.mandriva.com/security/advisories?name=MDVSA-2012:023

http://www.openwall.com/lists/oss-security/2012/01/28/4

http://www.openwall.com/lists/oss-security/2012/01/30/2

http://www.securityfocus.com/bid/51775

https://nvd.nist.gov/vuln/detail/CVE-2012-0823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0823

EUVD