VLC Media Player 3.0.11 Updated to Fix Vulnerability

VLC 3.0.11, a corrective release of the media player, has been published. It fixes accumulated bugs and a vulnerability (CVE-2020-13428) caused by a buffer overflow in the hxxx_AnnexB_to_xVC() function. The vulnerability potentially allows attacker code to be executed when playing specially crafted H.264 (Annex-B) video packed, for example, into an AVI container. There is no mention yet of a working exploit having been created. In addition to the problems in the VLC code, two vulnerabilities (CVE-2020-9308, CVE-2019-19221) have been fixed in the libarchive library bundled with some builds.

The non-security changes include fixes for regressions in HLS and AAC handling and improved seeking within the stream for M4A files. The macOS builds fix issues that caused audio to break, crashes when accessing mounted Blu-ray discs, and a crash on startup. Android-specific bugs in the sample rate change code have also been fixed.

Source: opennet.ru
