VLC 3.0.8 media player update with fixed vulnerabilities

A corrective release of the VLC 3.0.8 media player has been announced. It fixes accumulated bugs and eliminates 13 vulnerabilities, including three problems (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) that can lead to execution of attacker code when attempting to play specially crafted multimedia files in the MKV and ASF formats (a write buffer overflow and two use-after-free memory access problems).

Four vulnerabilities in the OGG, AV1, FAAD and ASF format handlers are caused by the ability to read data from memory areas outside the allocated buffer. Three problems lead to NULL pointer dereferences in the dvdnav, ASF and AVI unpackers. One vulnerability allows an integer overflow in the MP4 unpacker.

The problem in the OGG format unpacker (CVE-2019-14438) is marked by the VLC developers as a read from an area outside the buffer (read buffer overflow), but the security researchers who identified the vulnerability claim that it can cause a write overflow and lead to code execution when processing OGG, OGM and OPUS files with a specially crafted header.

There is also a vulnerability (CVE-2019-14533) in the ASF format unpacker that allows data to be written to an already freed memory area and code execution to be achieved when seeking forward or backward on the timeline during playback of WMV and WMA files. In addition, the problems CVE-2019-13602 (integer overflow) and CVE-2019-13962 (read from an area outside the buffer) have been assigned a critical severity level (8.8 and 9.8), but the VLC developers disagree and consider these vulnerabilities not dangerous (they propose changing the level to 4.3).

Non-security fixes include eliminating stuttering when watching video with a low frame rate, improved support for adaptive streaming (improved buffering code), fixes for problems rendering WebVTT subtitles, improved audio output on the macOS and iOS platforms, and an updated script for downloading from Youtube. Problems with enabling Direct3D11 hardware acceleration on systems with some AMD drivers have also been resolved.

Source: opennet.ru
