CVE-2012-0823 — Improper Input Validation in Libvpx

CWE-20 — Improper Input Validation9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 20.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webmproject Libvpx

Timeline

PublishedFeb 23

Latest updateMay 13

Description

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianwebmproject/libvpx< 1.0.0-1+3

▶NVDwebmproject/libvpx0.9.7+6

🔴Vulnerability Details

GHSA

GHSA-95hq-f353-7fq8: VP8 Codec SDK (libvpx) before 1↗2022-05-13

▶

OSV

CVE-2012-0823: VP8 Codec SDK (libvpx) before 1↗2012-02-23

▶

CVEList

CVE-2012-0823: VP8 Codec SDK (libvpx) before 1↗2012-02-23

▶

📋Vendor Advisories

Red Hat

libvpx: VP8 Codec decoder crash introduced in 0.9.7↗2012-01-29

▶

Debian

CVE-2012-0823: libvpx - VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a...↗2012

▶

💬Community

Bugzilla

CVE-2012-0823 VP8 Codec SDK libvpx 0.9.7 decoder crash [epel-5]↗2012-02-11

▶

Bugzilla

CVE-2012-0823 VP8 Codec SDK libvpx 0.9.7 decoder crash [fedora-16]↗2012-02-11

▶

Bugzilla

CVE-2012-0823 libvpx: VP8 Codec decoder crash introduced in 0.9.7↗2012-01-30

▶