VP8 Codec SDK (libvpx) prior to 1.0.0 "Duclair" allows remote malicious users to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webmproject libvpx 0.9.7 |
||
webmproject libvpx 0.9.6 |
||
webmproject libvpx 0.9.5 |
||
webmproject libvpx 0.9.2 |
||
webmproject libvpx 0.9.1 |
||
webmproject libvpx |
||
webmproject libvpx 0.9.0 |