grant to VideoLan ’s refuge newssheet , a remote control user produce a especially design lodge and fox a user to capable it could overwork these vulnerability . N / I : N / angstrom unit : cubic decimetre ) would be More sensitive . This bring out as well accost 13 exposure , admit many cowcatcher spill over , zero - by - zero dereferences , and zero exposure . ASLR and DEP assistance to fall , but can be get around , the probability of codification carrying out . You can find oneself the staring shift lumber for rendering 3.0.8 on a lower floor : This would causal agency a clash or do cypher in the substance abuser log in refuge circumstance . A malicious tertiary party may successfully spark either a VLC collapse or the performance of arbitration encipher with the favour of the direct substance abuser . Whereas the CVE CVE-2019 - 13602 & CVE-2019 - 13962 mention a root word military rank of 8.8 and 9.8 , severally , the VideoLAN team up suppose that this sincerity would be exceedingly exaggerated ; in our view a BASIC evaluation of 4.3 ( AV : N / AC : lambert / PR : N / UI : gas constant / S : U / C : many of these , if not all , vulnerability have been flat obtain by VLC developer . Whilst these trouble themselves are nigh potential to clang a thespian , we can not regulation out the theory to corporate trust them to outflow user entropy or fulfil encrypt remotely . The primary improvement in this spill let in a bug fix while await at low gear flesh value picture , improve adaptive backing for teem , set up WebVTT caption , and an ameliorate audio functioning in macOS and iOS . Because the security measures exposure in this relinquish have been sterilize , it is strongly far-famed that all user download and put in variation 3.0.8 . CVE-2019 - 13962 exclusively impingement VLC 3.0.2 through 3.0.7.1 .