Candidate: CVE-2012-0823
PublicDate: 2012-02-23 20:07:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823
 http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
 http://seclists.org/oss-sec/2012/q1/315
Description:
 VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to
 cause a denial of service (application crash) via (1) unspecified "corrupt
 input" or (2) by "starting decoding from a P-frame," which triggers an
 out-of-bounds read, related to "the clamping of motion vectors in SPLITMV
 blocks".
Ubuntu-Description: 
Notes: 
 tyhicks> Upstream changelog indicates this was introduced in 0.9.7
Bugs: 
Priority: low
Discovered-by:
Assigned-to: 
CVSS: 

Patches_libvpx:
upstream_libvpx: not-affected (1.0.0-2)
hardy_libvpx: DNE
lucid_libvpx: not-affected
maverick_libvpx: not-affected
natty_libvpx: not-affected
oneiric_libvpx: not-affected (0.9.6-1)
devel_libvpx: not-affected (1.0.0-1)