- Reported
-
- Issued
-
- Package
-
libpulse-binding
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- Details
-
https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w
- Patched
-
- Affected Functions
- Version
libpulse_binding::stream::Stream::get_context
-
libpulse_binding::stream::Stream::get_format_info
-
Description
Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info
and get_context
methods of Stream
objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.