Lucene search

K

[email protected]NVD:CVE-2012-0823

HistoryFeb 23, 2012 - 8:07 p.m.

CVE-2012-0823

2012-02-2320:07:32

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.9%

VP8 Codec SDK (libvpx) before 1.0.0 “Duclair” allows remote attackers to cause a denial of service (application crash) via (1) unspecified “corrupt input” or (2) by “starting decoding from a P-frame,” which triggers an out-of-bounds read, related to “the clamping of motion vectors in SPLITMV blocks”.

Affected configurations

NVD

Node

webmprojectlibvpxRange≤0.9.7p1

OR

webmprojectlibvpxMatch0.9.0

OR

webmprojectlibvpxMatch0.9.1

OR

webmprojectlibvpxMatch0.9.2

OR

webmprojectlibvpxMatch0.9.5

OR

webmprojectlibvpxMatch0.9.6

OR

webmprojectlibvpxMatch0.9.7

References

blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html

code.google.com/p/webm/source/browse/CHANGELOG?repo=libvpx

www.mandriva.com/security/advisories?name=MDVSA-2012:023

www.openwall.com/lists/oss-security/2012/01/28/4

www.openwall.com/lists/oss-security/2012/01/30/2

www.securityfocus.com/bid/51775

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.9%

Related for NVD:CVE-2012-0823

cve1 openvas4 debiancve1 ubuntucve1 securityvulns2 nessus1 cvelist1 prion1