Likotsi tse 'ne ho OGG, AV1, FAAD, ASF lifomete tse sebetsanang le tsona li bakoa ke bokhoni ba ho bala lintlha tse tsoang libakeng tsa memori ka ntle ho buffer e fanoeng. Mathata a mararo a lebisa ho NULL pointer dereferences ho li-unpackers tsa dvdnav, ASF le AVI. Kotsi e le 'ngoe e lumella hore ho be le phallo e felletseng ho MP4 decompressor.
Bothata ba sebopeho sa OGG sa unpacker (CVE-2019-14438)
Ho boetse ho na le ts'oaetso (CVE-2019-14533) ka har'a sebopeho sa ASF sa unpacker, se u lumellang hore u ngole data sebakeng sa memori se seng se lokolotsoe le ho fihlela ts'ebetso ea khoutu ha u etsa ts'ebetso ea ho ea pele kapa ea morao moleng oa nako nakong ea ho bapala WMV le Lifaele tsa WMA. Ho feta moo, mathata a CVE-2019-13602 (integer overflow) le CVE-2019-13962 (ho bala ho tsoa sebakeng se ka ntle ho buffer) ba abeloa boemo bo tebileng ba kotsi (8.8 le 9.8), empa baetsi ba VLC ha ba lumellane le nahana ka bofokoli bona ha bo kotsi (ba sisinya ho fetola boemo ho 4.3).
Litokiso tseo e seng tsa ts'ireletso li kenyelletsa ho lokisa lehoelea ha u shebelletse livideo ka litefiso tse tlase tsa foreimi, ho ntlafatsa ts'ehetso bakeng sa phallo e feto-fetohang (khoutu e ntlafalitsoeng ea buffering), ho rarolla mathata ka ho fana ka subtitles tsa WebVTT, ho ntlafatsa tlhahiso ea molumo ho li-platform tsa macOS le iOS, ho ntlafatsa sengoloa bakeng sa ho khoasolla ho tsoa ho Youtube. Ho rarolla mathata ka ho nolofalletsa Direct3D11 ho sebelisa ho potlakisa lisebelisoa ho litsamaiso tse nang le bakhanni ba bang ba AMD.
Source: opennet.ru