- Reported
-
- Issued
-
- Package
-
libpulse-binding
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
- Affected Functions
- Version
libpulse_binding::stream::Stream::get_context
-
libpulse_binding::stream::Stream::get_format_info
-
Description
Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info
and get_context
methods of Stream
objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.
Advisory available under CC0-1.0
license.