Four vulnerabilities in the OGG, AV1, FAAD and ASF format handlers are caused by the ability to read data from memory areas outside the allocated buffer. Three issues lead to NULL pointer dereferences in dvdnav and in the ASF and AVI format unpackers. One vulnerability allows an integer overflow in the MP4 decompressor.
The issue in the OGG format unpacker (CVE-2019-14438)
There is also a vulnerability (CVE-2019-14533) in the ASF format unpacker that allows data to be written to an already freed memory area and code execution to be achieved when seeking forward or backward on the timeline during playback of WMV and WMA files. In addition, the issues CVE-2019-13602 (integer overflow) and CVE-2019-13962 (read from an area outside the buffer) were assigned a critical severity level (8.8 and 9.8), but the VLC developers disagree and consider that these vulnerabilities are not dangerous (they propose changing the level to 4.3).
Non-security fixes include fixing stuttering when watching videos with low frame rates, improving support for adaptive streaming (improved buffering code), resolving issues with rendering WebVTT subtitles, improving audio output on the macOS and iOS platforms, updating the script for downloading from YouTube, and resolving issues with allowing Direct3D11 to use hardware acceleration on systems with some AMD drivers.
Source: opennet.ru