HistoryEditJSON (OSV)

RUSTSEC-2018-0021

Use-after-free with objects returned by Stream's get_format_info and get_context methods

Reported
Issued
Package
libpulse-binding (crates.io)
Type
Vulnerability
Categories
Aliases
References
Patched
  • >=1.2.1
Affected Functions
Version
libpulse_binding::stream::Stream::get_context
  • <1.2.1
libpulse_binding::stream::Stream::get_format_info
  • <1.2.1

Description

Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info and get_context methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.

Advisory available under CC0-1.0 license.