ntọhapụ ọkpụkpọ mgbasa ozi na-emezigharị , nke na-akwakọba ma kpochapụ , gụnyere nsogbu atọ (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) iji mezuo koodu onye na-awakpo mgbe ị na-agbalị ịmegharị faịlụ mgbasa ozi ahaziri ahazi na usoro MKV na ASF (dee ihe nchekwa nchekwa na nsogbu abụọ na ịnweta ebe nchekwa mgbe ahapụchara ya).
Ihe ọghọm anọ dị na ndị na-ahụ maka usoro OGG, AV1, FAAD, ASF bụ ikike ịgụ data sitere na ebe nchekwa na mpụga ebe nchekwa ekenyela. Nsogbu atọ na-eduga na NULL pointer dereferences na dvdnav, ASF na AVI format unpackers. Otu adịghị ike na-enye ohere maka integer njupụta na MP4 decompressor.
Nsogbu dị na mpempe akwụkwọ OGG (CVE-2019-14438) nke ndị mmepe VLC si na-agụ site na mpaghara na-abụghị ihe nchekwa (gụọ oke ihe nchekwa), mana ndị nyocha nchekwa chọpụtara adịghị ike ahụ. , nke nwere ike ime ka idebiga ihe ókè ma mee ka koodu ogbugbu mgbe ị na-ahazi faịlụ OGG, OGM na OPUS na ngọngọ nkụnye eji isi mee nke ọma.
Enwekwara ihe ọghọm (CVE-2019-14533) na ASF format unpacker, nke na-enye gị ohere ide data na ebe nchekwa a tọhapụrụlarị wee nweta ogbugbu koodu mgbe ị na-arụ ọrụ mpịakọta n'ihu ma ọ bụ azụ azụ na usoro iheomume n'oge playback nke WMV na WMA faịlụ. Na mgbakwunye, nsogbu CVE-2019-13602 (integer overflow) na CVE-2019-13962 (ịgụ site na mpaghara na-abụghị ihe nchekwa) ka ekenye ọkwa dị oke egwu (8.8 na 9.8), mana ndị mmepe VLC ekwenyeghị na tụlee adịghị ike ndị a adịghị ize ndụ (ha na-atụ aro ịgbanwe ọkwa na 4.3).
Ndozi na-abụghị nke nchekwa gụnyere idozi nsụ mgbe ị na-ekiri vidiyo na ọnụego etiti dị ala, na-emeziwanye nkwado maka nkwanye mgbanwe mgbanwe (koodu buffering ka mma), dozie nsogbu na ịsụgharị ndepụta okwu WebVTT, melite mmepụta ọdịyo na nyiwe macOS na iOS, na-emelite edemede maka nbudata na Youtube, Idozi nsogbu na-enyere Direct3D11 aka itinye ngwa ngwa ngwaike na sistemụ na ụfọdụ ndị ọkwọ ụgbọ ala AMD.
isi: opennet.ru