CloudSecurityAlliance/gsd-database

Update Request - GSD-2021-1000000

Issue closed · 1 comment

Automated Edit Request

For: "GSD-2021-1000000"

{
  "GSD": {
    "vendor_name": "GPAC",
    "product_name": "GPAC",
    "product_version": "0.8.0",
    "vulnerability_type": "Denial of service(DoS)",
    "affected_component": "GPAC 0.8.0-e10d39d-master branch",
    "attack_vector": "a malicious image file",
    "impact": "DoS. An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service (DoS) when the application attempts to process the file.",
    "credit": "Rui Yang, Riddle Ben",
    "references": [
      "https://github.com/gpac/gpac/issues/1485"
    ],
    "reporter": "DuckRui",
    "notes": "Here are crash files.https://github.com/DuckRui/vul-/blob/master/isom_store163. https://github.com/DuckRui/vul-/blob/master/isom_store165. https://github.com/DuckRui/vul-/blob/master/isom_store173.",
    "description": "In GPAC GPAC version 0.8.0 a Denial of service(DoS) exists in the GPAC 0.8.0-e10d39d-master branch that can be attacked via a malicious image file resulting in DoS. An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service (DoS) when the application attempts to process the file."
  },
  "OSV": {
    "id": "GSD-2021-1000000",
    "summary": "Denial of service(DoS) in GPAC version 0.8.0",
    "details": "In GPAC GPAC version 0.8.0 a Denial of service(DoS) exists in the GPAC 0.8.0-e10d39d-master branch that can be attacked via a malicious image file resulting in DoS. An attacker can exploit this vulnerability by submitting a malicious media file that exploits this issue. This will result in a Denial of Service (DoS) when the application attempts to process the file..",
    "modified": "2021-06-24T22:55:38.996515Z",
    "published": "2021-05-31T15:39:45.031586Z",
    "references": [
      {
        "type": "WEB",
        "url": "https://github.com/gpac/gpac/issues/1485"
      }
    ],
    "affected": [
      {
        "package": {
          "name": "GPAC",
          "ecosystem": "DWF"
        },
        "versions": [
          "0.8.0"
        ]
      }
    ]
  }
}

Works, neat.

Also, need to implement a sandbox mode sooner rather than later.