VLC 3.0.8 media player update with vulnerabilities fixed

The corrective release of the VLC 3.0.8 media player has been published. It fixes accumulated bugs and eliminates 13 vulnerabilities, including three issues (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) that can lead to execution of an attacker's code when attempting to play specially crafted files in the MKV and ASF formats (a write buffer overflow and two use-after-free memory access issues).

Four vulnerabilities in the OGG, AV1, FAAD and ASF format handlers are caused by the ability to read data from memory areas outside the allocated buffer. Three issues lead to NULL pointer dereferences in the dvdnav, ASF and AVI format unpackers. One vulnerability allows an integer overflow in the MP4 decompressor.

The issue in the OGG format unpacker (CVE-2019-14438) is marked by the VLC developers as a read from an area outside the buffer (read buffer overflow), but the security researchers who identified the vulnerability say that it can cause a write overflow and lead to code execution when processing OGG, OGM and OPUS files with a specially crafted header.

There is also a vulnerability (CVE-2019-14533) in the ASF format unpacker that allows data to be written to an already freed memory area and code execution to be achieved when seeking forward or backward on the timeline during playback of WMV and WMA files. In addition, the issues CVE-2019-13602 (integer overflow) and CVE-2019-13962 (read from an area outside the buffer) have been assigned a high severity level (8.8 and 9.8), but the VLC developers disagree and consider these vulnerabilities not dangerous (they propose changing the level to 4.3).

Non-security fixes include eliminating stuttering when watching videos at low frame rates, improved adaptive streaming support (improved buffering code), resolved problems with rendering WebVTT subtitles, improved audio output on the macOS and iOS platforms, an updated script for downloading from Youtube, and resolved problems with Direct3D11 using hardware acceleration on systems with some AMD drivers.

Source: opennet.ru
