CVE-2012-0823

Name: CVE-2012-0823
Creator: NVD / NIST
Published: 2012-02-23T20:07:32.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.63%

Last modified Jun 16, 2026

CVE-2012-0823 is a vulnerability of currently unknown severity. VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".. EPSS estimates a 2.63% chance of exploitation in the next 30 days.

Description

VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

Metrics

EPSS Probability

2.63%

83.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions	Update
Webmproject	Libvpx	<= 0.9.7	P1
Webmproject	Libvpx	0.9.0	—
Webmproject	Libvpx	0.9.1	—
Webmproject	Libvpx	0.9.2	—
Webmproject	Libvpx	0.9.5	—
Webmproject	Libvpx	0.9.6	—
Webmproject	Libvpx	0.9.7	—

References

Timeline

Published: Feb 23, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-0823?

How severe is CVE-2012-0823?

Severity scoring for CVE-2012-0823 is pending analysis. The EPSS model estimates a 2.63% probability of exploitation in the next 30 days.

How do I fix CVE-2012-0823?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-0823?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST