VLC 3.0.8 media player update with vulnerabilities fixed

A corrective release of the VLC media player, VLC 3.0.8, has been published. It fixes accumulated bugs and eliminates 13 vulnerabilities, including three problems (CVE-2019-14970, CVE-2019-14777, CVE-2019-14533) that may lead to execution of an attacker's code when a user tries to play specially crafted multimedia files in the MKV and ASF formats (a write buffer overflow and two use-after-free memory access problems).

Four vulnerabilities in the OGG, AV1, FAAD and ASF format handlers allow data to be read from memory areas outside the allocated buffer. Three problems lead to NULL pointer dereferences in the dvdnav, ASF and AVI unpackers. One vulnerability allows an integer overflow in the MP4 unpacker.

The problem in the OGG unpacker (CVE-2019-14438) is marked by the VLC developers as a read from an area outside the buffer (read buffer overflow), but the security researchers who identified the vulnerability claim that it can cause a write overflow and lead to code execution when OGG, OGM and OPUS files with a specially crafted header block are processed.

There is also a vulnerability (CVE-2019-14533) in the ASF unpacker that allows data to be written to an already freed memory area and code execution to be achieved when seeking forward or backward on the timeline during playback of WMV and WMA files. In addition, CVE-2019-13602 (integer overflow) and CVE-2019-13962 (read from an area outside the buffer) have been assigned a critical severity level (8.8 and 9.8), but the VLC developers disagree and consider these vulnerabilities not dangerous (they propose changing the level to 4.3).

The non-security fixes include eliminating stuttering when watching videos with low frame rates, improved support for adaptive streaming (improved buffering code), resolving problems with rendering WebVTT subtitles, improved audio output on the macOS and iOS platforms, an updated script for downloading from YouTube, and resolving problems with Direct3D11 using hardware acceleration on systems with some AMD drivers.

Source: opennet.ru
