Ubuthathaka obune kwi-OGG, i-AV1, i-FAAD, abaphathi befomathi ye-ASF ibangelwa ukukwazi ukufunda idatha kwiindawo zememori ngaphandle kwe-buffer eyabelwe. Iingxaki ezintathu zikhokelela kwi-NULL pointer dereferences kwi-dvdnav, ASF kunye ne-AVI yokungapakishi ifomathi. Ubuthathaka obunye buvumela ukuphuphuma kwenani elipheleleyo kwi-MP4 decompressor.
Ingxaki nge-OGG fomati unpacker (CVE-2019-14438)
Kukwakho nokuba semngciphekweni (CVE-2019-14533) kwifomati ye-ASF unpacker, ekuvumela ukuba ubhale idatha kwindawo yememori esele ikhululiwe kwaye ufezekise ukwenziwa kwekhowudi xa usenza umsebenzi wokuskrola phambili okanye ngasemva kumgca wexesha ngexesha lokudlala kwakhona kweWMV kunye Iifayile zeWMA. Ukongezelela, iingxaki ze-CVE-2019-13602 (i-integer overflow) kunye ne-CVE-2019-13962 (ukufunda ukusuka kwindawo engaphandle kwe-buffer) babelwa kwinqanaba elibalulekileyo lengozi (8.8 kunye ne-9.8), kodwa abaphuhlisi beVLC abavumelani kwaye qwalasela obu buthathaka bungabi yingozi (bacebisa ukutshintsha inqanaba ukuya kwi-4.3).
Izilungiso ezingakhuselekanga zibandakanya ukulungiswa kwe-stuttering xa ubukela iividiyo kumazinga aphantsi esakhelo, ukuphucula inkxaso yokusasazwa okuguquguqukayo (ikhowudi ephuculweyo ye-buffering), ukusombulula iingxaki ngokunikezela imibhalo engezantsi ye-WebVTT, ukuphucula imveliso yomsindo kwiiplatifomu ze-macOS kunye ne-iOS, ukuhlaziya iskripthi sokukhuphela kwi-Youtube , Ukusombulula imiba ngokuvumela i-Direct3D11 ukuba isebenzise ukukhawuleza kwehardware kwiinkqubo ezinabaqhubi abathile be-AMD.
umthombo: opennet.ru