Ukukhululwa komdlali wemidiya , apho zaqokelelwa khona kwaye isusiwe , kuquka iingxaki ezintathu (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) ukwenza ikhowudi yomhlaseli xa uzama ukudlala iifayile zemultimedia eziyilwe ngokukodwa kwiifomati zeMKV kunye ne-ASF (bhala ukuphuphuma kwebuffer kunye neengxaki ezimbini zokufikelela kwimemori emva kokuba ikhululiwe).
Ubuthathaka obune kwi-OGG, i-AV1, i-FAAD, abaphathi befomathi ye-ASF ibangelwa ukukwazi ukufunda idatha kwiindawo zememori ngaphandle kwe-buffer eyabelwe. Iingxaki ezintathu zikhokelela kwi-NULL pointer dereferences kwi-dvdnav, ASF kunye ne-AVI yokungapakishi ifomathi. Ubuthathaka obunye buvumela ukuphuphuma kwenani elipheleleyo kwi-MP4 decompressor.
Ingxaki nge-OGG fomati unpacker (CVE-2019-14438) ngabaphuhlisi beVLC njengokufunda kwindawo engaphandle kwesithinteli (funda ukuphuphuma kwebuffer), kodwa abaphandi bokhuseleko bachonge ubuthathaka. , enokubangela ukubhala okuphuphumayo kwaye kubangele ukuphunyezwa kwekhowudi xa kusetyenzwa i-OGG, i-OGM kunye neefayile ze-OPUS kunye nebhloko eyenzelwe ngokukodwa i-header.
Kukwakho nokuba semngciphekweni (CVE-2019-14533) kwifomati ye-ASF unpacker, ekuvumela ukuba ubhale idatha kwindawo yememori esele ikhululiwe kwaye ufezekise ukwenziwa kwekhowudi xa usenza umsebenzi wokuskrola phambili okanye ngasemva kumgca wexesha ngexesha lokudlala kwakhona kweWMV kunye Iifayile zeWMA. Ukongezelela, iingxaki ze-CVE-2019-13602 (i-integer overflow) kunye ne-CVE-2019-13962 (ukufunda ukusuka kwindawo engaphandle kwe-buffer) babelwa kwinqanaba elibalulekileyo lengozi (8.8 kunye ne-9.8), kodwa abaphuhlisi beVLC abavumelani kwaye qwalasela obu buthathaka bungabi yingozi (bacebisa ukutshintsha inqanaba ukuya kwi-4.3).
Izilungiso ezingakhuselekanga zibandakanya ukulungiswa kwe-stuttering xa ubukela iividiyo kumazinga aphantsi esakhelo, ukuphucula inkxaso yokusasazwa okuguquguqukayo (ikhowudi ephuculweyo ye-buffering), ukusombulula iingxaki ngokunikezela imibhalo engezantsi ye-WebVTT, ukuphucula imveliso yomsindo kwiiplatifomu ze-macOS kunye ne-iOS, ukuhlaziya iskripthi sokukhuphela kwi-Youtube , Ukusombulula imiba ngokuvumela i-Direct3D11 ukuba isebenzise ukukhawuleza kwehardware kwiinkqubo ezinabaqhubi abathile be-AMD.
umthombo: opennet.ru