Update Request - GSD-2021-1000000
Closed this issue · 1 comments
joshbuker commented
Automated Edit Request
For: "GSD-2021-1000000"
```json
{
  "GSD": {
    "vendor_name": "GPAC",
    "product_name": "GPAC",
    "product_version": "0.8.0",
    "vulnerability_type": "Denial of service(DoS)",
    "affected_component": "GPAC 0.8.0-e10d39d-master branch",
    "attack_vector": "a malicious image file",
    "impact": "DoS. An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service (DoS) when the application attempts to process the file.",
    "credit": "Rui Yang, Riddle Ben",
    "references": [
      "https://github.com/gpac/gpac/issues/1485"
    ],
    "reporter": "DuckRui",
    "notes": "Here are crash files.https://github.com/DuckRui/vul-/blob/master/isom_store163. https://github.com/DuckRui/vul-/blob/master/isom_store165. https://github.com/DuckRui/vul-/blob/master/isom_store173.",
    "description": "In GPAC GPAC version 0.8.0 a Denial of service(DoS) exists in the GPAC 0.8.0-e10d39d-master branch that can be attacked via a malicious image file resulting in DoS. An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service (DoS) when the application attempts to process the file."
  },
  "OSV": {
    "id": "GSD-2021-1000000",
    "summary": "Denial of service(DoS) in GPAC version 0.8.0",
    "details": "In GPAC GPAC version 0.8.0 a Denial of service(DoS) exists in the GPAC 0.8.0-e10d39d-master branch that can be attacked via a malicious image file resulting in DoS. An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service (DoS) when the application attempts to process the file..",
    "modified": "2021-06-24T22:55:38.996515Z",
    "published": "2021-05-31T15:39:45.031586Z",
    "references": [
      {
        "type": "WEB",
        "url": "https://github.com/gpac/gpac/issues/1485"
      }
    ],
    "affected": [
      {
        "package": {
          "name": "GPAC",
          "ecosystem": "DWF"
        },
        "versions": [
          "0.8.0"
        ]
      }
    ]
  }
}
```
joshbuker commented
Works, neat.
Also, need to implement a sandbox mode sooner rather than later.