VLC 3.0.8 media player update fixes vulnerabilities

A corrective release of the VLC 3.0.8 media player has been published. It fixes accumulated bugs and eliminates 13 vulnerabilities, including three problems (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) that can lead to execution of attacker code when attempting to play specially crafted multimedia files in the MKV and ASF formats (a buffer overflow on write and two use-after-free memory access problems).

Four vulnerabilities in the OGG, AV1, FAAD and ASF format handlers are caused by the ability to read data from memory areas outside the allocated buffer. Three problems lead to a NULL pointer dereference in the dvdnav, ASF and AVI format unpackers. One vulnerability allows an integer overflow in the MP4 decoder.

The problem in the OGG format unpacker (CVE-2019-14438) is marked by the VLC developers as a read from an area outside the buffer (read buffer overflow), but the security researchers who found the vulnerability claim that it can cause an overflow on write and lead to code execution when processing OGG, OGM and OPUS files with a specially crafted header block.

There is also a vulnerability (CVE-2019-14533) in the ASF format unpacker, which allows data to be written to an already freed memory area and code execution to be achieved when seeking forward or backward along the timeline during playback of WMV and WMA files. In addition, the problems CVE-2019-13602 (integer overflow) and CVE-2019-13962 (read from an area outside the buffer) were assigned a critical severity level (8.8 and 9.8), but the VLC developers disagree and consider these vulnerabilities not dangerous (they propose changing the level to 4.3).

Non-security fixes include the elimination of stuttering when watching video at low frame rates, improved support for adaptive streaming (improved buffering code), resolution of problems with rendering WebVTT subtitles, improved audio output on the macOS and iOS platforms, an updated script for downloading from YouTube, and resolution of problems with enabling Direct3D11 to use hardware acceleration on systems with some AMD drivers.

source: budenet.ru
