ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > VLC 3.0.8 media player hloov tshiab nrog qhov tsis zoo tau kho

VLC 3.0.8 media player hloov tshiab nrog qhov tsis zoo tau kho

Xa los ntawm kho media player tso tawm VLC 3.0.8, nyob rau hauv uas lub accumulated ua yuam kev thiab tshem tawm 13 vulnerabilities, suav nrog peb qhov teeb meem (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) muaj cai txhawm rau tua tus neeg tawm tsam cov cai thaum sim ua si tshwj xeeb tsim cov ntaub ntawv multimedia hauv MKV thiab ASF hom ntawv (sau tsis txaus thiab ob qho teeb meem nrog kev nkag mus rau lub cim xeeb tom qab nws tso tawm).

Plaub qhov tsis zoo hauv OGG, AV1, FAAD, ASF cov neeg tuav ntaub ntawv yog tshwm sim los ntawm kev muaj peev xwm nyeem cov ntaub ntawv los ntawm qhov chaw nco sab nraud ntawm qhov tsis sib faib. Peb qhov teeb meem ua rau NULL pointer dereferences hauv dvdnav, ASF thiab AVI hom unpackers. Ib qho yooj yim tso cai rau ib qho integer overflow hauv MP4 decompressor.

Teeb meem nrog OGG hom unpacker (CVE-2019-14438) cim los ntawm VLC cov neeg tsim tawm raws li kev nyeem ntawv los ntawm thaj chaw sab nraum qhov tsis muaj (nyeem tsis dhau), tab sis cov kws tshawb fawb txog kev ruaj ntseg tau txheeb xyuas qhov tsis zoo. thov, uas tuaj yeem ua rau kev sau ntawv hla dhau thiab ua rau kev ua tiav cov lej thaum ua cov ntaub ntawv OGG, OGM thiab OPUS nrog cov ntawv tshwj xeeb tsim los ntawm header block.

Kuj tseem muaj qhov tsis zoo (CVE-2019-14533) hauv ASF hom unpacker, uas tso cai rau koj sau cov ntaub ntawv mus rau thaj chaw nco tau tso tseg thiab ua tiav cov lej ua tiav thaum ua haujlwm scroll rau pem hauv ntej lossis rov qab ua haujlwm ntawm lub sijhawm thaum rov ua haujlwm ntawm WMV thiab WMA cov ntaub ntawv. Tsis tas li ntawd, cov teeb meem CVE-2019-13602 (tus lej suav dhau) thiab CVE-2019-13962 (nyeem los ntawm thaj chaw sab nraud tsis muaj) tau muab rau qib tseem ceeb ntawm kev phom sij (8.8 thiab 9.8), tab sis VLC cov neeg tsim khoom tsis pom zoo thiab xav txog cov kev tsis zoo no tsis txaus ntshai (lawv hais kom hloov qib mus rau 4.3).

Kev txhim kho tsis muaj kev ruaj ntseg suav nrog kev txhim kho stuttering thaum saib cov yeeb yaj kiab ntawm tus nqi qis, txhim kho kev txhawb nqa rau kev hloov kho streaming (txhim kho buffering code), daws teeb meem nrog rendering WebVTT subtitles, txhim kho suab tso tawm ntawm macOS thiab iOS platforms, hloov kho cov ntawv rau rub tawm los ntawm Youtube, Kev daws teeb meem nrog kev ua kom Direct3D11 siv kho vajtse nrawm ntawm cov tshuab nrog qee tus tsav tsheb AMD.

Tau qhov twg los: opennet.ru

Ntxiv ib saib