Ziwopsezo zinayi mu OGG, AV1, FAAD, ASF osamalira mawonekedwe amayamba chifukwa chotha kuwerenga zambiri kuchokera kumalo okumbukira kunja kwa buffer yomwe idaperekedwa. Mavuto atatu amatsogolera ku NULL pointer dereferences mu dvdnav, ASF ndi AVI format unpackers. Chiwopsezo chimodzi chimalola kusefukira kokwanira mu MP4 decompressor.
Vuto ndi OGG mtundu unpacker (CVE-2019-14438)
Palinso chiwopsezo (CVE-2019-14533) mu mtundu wa ASF unpacker, womwe umakupatsani mwayi kuti mulembe zambiri kumalo okumbukira omwe mwamasulidwa kale ndikukwaniritsa ma code pochita mpukutu wopita patsogolo kapena m'mbuyo pamndandanda wanthawi panthawi yosewera WMV ndi Zithunzi za WMA. Kuphatikiza apo, mavuto a CVE-2019-13602 (kusefukira kwathunthu) ndi CVE-2019-13962 (kuwerenga kuchokera kudera lakunja kwa buffer) amapatsidwa gawo lalikulu langozi (8.8 ndi 9.8), koma opanga VLC samavomereza ndipo lingalirani zofooka izi sizowopsa (akufuna kusintha mulingo kukhala 4.3).
Kukonzekera kopanda chitetezo kumaphatikizapo kukonza chibwibwi mukamayang'ana makanema pamitengo yotsika, kuwongolera kuthandizira kosinthira (kodi yowongolera bwino), kuthetsa mavuto pakumasulira mawu am'munsi a WebVTT, kukonza zotulutsa mawu pamapulatifomu a macOS ndi iOS, kukonzanso zolemba kuti zitsitsidwe kuchokera ku Youtube , Kuthetsa zovuta ndikupangitsa Direct3D11 kugwiritsa ntchito kuthamangitsa kwa hardware pamakina omwe ali ndi madalaivala ena a AMD.
Source: opennet.ru