CVE-2012-0823 Information

Description

VP8 Codec SDK (libvpx) before 1.0.0 \Duclair\ allows remote attackers to cause a denial of service (application crash) via (1) unspecified \corrupt input\ or (2) by \starting decoding from a P-frame\ which triggers an out-of-bounds read related to \the clamping of motion vectors in SPLITMV blocks.

Reference

http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html http://code.google.com/p/webm/source/browse/CHANGELOG?repo=libvpx http://www.mandriva.com/security/advisories?name=MDVSA-2012:023 http://www.openwall.com/lists/oss-security/2012/01/28/4 http://www.openwall.com/lists/oss-security/2012/01/30/2 http://www.securityfocus.com/bid/51775