CVE-2012-0823
CVE-2012-0823 is a medium-severity vulnerability in Webmproject Libvpx with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 3% (83rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Webmproject Libvpx
- Published:
- Last modified:
Description
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
Frequently asked questions
- What is CVE-2012-0823?
- VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
- How severe is CVE-2012-0823?
- CVE-2012-0823 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2012-0823 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (83rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-0823?
- CVE-2012-0823 primarily affects Webmproject Libvpx. In total, 7 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-0823?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-0823 published?
- CVE-2012-0823 was published on 2012-02-23 and last updated on 2026-06-16.
References
- http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
- http://code.google.com/p/webm/source/browse/CHANGELOG?repo=libvpx
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:023
- http://www.openwall.com/lists/oss-security/2012/01/28/4
- http://www.openwall.com/lists/oss-security/2012/01/30/2
- http://www.securityfocus.com/bid/51775
Affected products (7)
- cpe:2.3:a:webmproject:libvpx:*:p1:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:0.9.7:*:*:*:*:*:*:*
More vulnerabilities in Webmproject Libvpx
- CVE-2010-4203 — Critical (CVSS 9.8): WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers…
- CVE-2024-5197 — Critical (CVSS 9.1): There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of…
- CVE-2023-5217 — High (CVSS 8.8): Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a…
- CVE-2023-6349 — High (CVSS 7.5): A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally…
- CVE-2023-44488 — High (CVSS 7.5): VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
All CVEs affecting Webmproject Libvpx →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →