VLC 3.0.8 media player update with vulnerabilities fixed

A corrective release of the VLC 3.0.8 media player has been introduced, in which accumulated bugs have been fixed and 13 vulnerabilities eliminated, including three problems (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) that can lead to execution of attacker code when attempting to play specially crafted multimedia files in the MKV and ASF formats (a write buffer overflow and two use-after-free memory access problems).

Four vulnerabilities in the OGG, AV1, FAAD and ASF format handlers are caused by the ability to read data from memory areas outside the allocated buffer. Three problems lead to NULL pointer dereferences in the dvdnav, ASF and AVI format unpackers. One vulnerability allows an integer overflow in the MP4 unpacker.

The problem in the OGG format unpacker (CVE-2019-14438) is marked by the VLC developers as a read from an area outside the buffer (read buffer overflow), but the security researchers who identified the vulnerability say that it can cause a write overflow and lead to code execution when processing OGG, OGM and OPUS files with a specially crafted header block.

There is also a vulnerability (CVE-2019-14533) in the ASF format unpacker, which allows data to be written to an already freed memory area and code execution to be achieved when seeking forward or backward during playback of WMV and WMA files. In addition, the problems CVE-2019-13602 (integer overflow) and CVE-2019-13962 (read from an area outside the buffer) have been assigned a critical severity level (8.8 and 9.8), but the VLC developers disagree and consider these vulnerabilities not dangerous (they propose changing the level to 4.3).

Non-security fixes include eliminating stuttering when viewing videos with low frame rates, improving support for adaptive streaming (improved buffering code), fixing problems with rendering WebVTT subtitles, improving audio output on the macOS and iOS platforms, updating the script for loading from YouTube, and fixing issues with Direct3D11 using hardware acceleration on systems with some AMD drivers.

Source: opennet.ru
