Kusagadzikana ina muOGG, AV1, FAAD, ASF mafomati ekubata anokonzerwa nekugona kuverenga data kubva munzvimbo dzekurangarira kunze kweiyo buffer yakagoverwa. Matambudziko matatu anotungamira kune NULL pointer dereferences mudvdnav, ASF uye AVI fomati unpackers. Kusagadzikana kumwe kunobvumira kuwanda kwehuwandu muMP4 decompressor.
Dambudziko neOGG fomati unpacker (CVE-2019-14438)
Kune zvakare kusagadzikana (CVE-2019-14533) mune iyo ASF fomati unpacker, iyo inokutendera iwe kuti unyore data kune yakatosunungurwa ndangariro nzvimbo uye kuzadzisa kodhi kuuraya paunenge uchiita kupepeta kumberi kana kumashure kuvhiya panguva yekutamba kweWMV uye. WMA mafaira. Uye zvakare, iwo matambudziko CVE-2019-13602 (integer kufashukira) uye CVE-2019-13962 (kuverenga kubva kune imwe nzvimbo iri kunze kwebuffer) vanopihwa nhanho yakaoma yengozi (8.8 uye 9.8), asi vanogadzira VLC havabvumirani uye funga nezvekusagadzikana uku hakuna njodzi (vanokurudzira kuchinja nhanho kuenda ku4.3).
Zvisiri-kuchengetedza zvigadziriso zvinosanganisira kugadzirisa stuttering paunenge uchiona mavhidhiyo pamitengo yakaderera, kuvandudza tsigiro yekuchinjisa kutenderera (yakavandudzwa buffering kodhi), kugadzirisa matambudziko nekupa WebVTT subtitles, kuvandudza odhiyo kubuda paMacOS uye iOS mapuratifomu, kuvandudza script kurodha kubva kuYouTube, Kugadzirisa nyaya nekuita kuti Direct3D11 ishandise kukwidziridzwa kwehardware pane masisitimu ane mamwe madhiraivha e AMD.
Source: opennet.ru