CVE-2012-0823

EPSS 1.21%
Published 23.02.2012 20:07:32
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Webmproject ≫ Libvpx Updatep1 Version <= 0.9.7

Webmproject ≫ Libvpx Version0.9.0

Webmproject ≫ Libvpx Version0.9.1

Webmproject ≫ Libvpx Version0.9.2

Webmproject ≫ Libvpx Version0.9.5

Webmproject ≫ Libvpx Version0.9.6

Webmproject ≫ Libvpx Version0.9.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.21%	0.771

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html

http://code.google.com/p/webm/source/browse/CHANGELOG?repo=libvpx

http://www.mandriva.com/security/advisories?name=MDVSA-2012:023

http://www.openwall.com/lists/oss-security/2012/01/28/4

http://www.openwall.com/lists/oss-security/2012/01/30/2

http://www.securityfocus.com/bid/51775

https://nvd.nist.gov/vuln/detail/CVE-2012-0823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0823

EUVD