CVE-2012-0823

Description

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

How to fix CVE-2012-0823

To remediate CVE-2012-0823, upgrade the affected package to a fixed version below.

• Debian/libvpx—upgrade to 1.0.0-1 or later

Is CVE-2012-0823 being exploited?

Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.0.0-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-0823