Fluid Attacks Database

Description

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libvpx	>=0 <1.0.0-1	1.0.0-1
debian 11	libvpx	>=0 <1.0.0-1	1.0.0-1
debian 12	libvpx	>=0 <1.0.0-1	1.0.0-1
debian 13	libvpx	>=0 <1.0.0-1	1.0.0-1

Aliases

1. CVE-2012-08232. NVD-2012-08233. OSV-DEBIAN-2012-08234. OSV-2012-08235. SECURITY-TRACKER-CVE-2012-0823

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.