CVE-2019-25055

The CVE-2019-25055 entry concerns the libpulse-binding crate for Rust (pre-2.6.0). The issue is a panic that is mishandled across an FFI boundary, causing undefined behavior. Affected versions prior to 2.6.0 expose a boundary error in the FFI during panic propagation; this is the underlying root ...

CVE-2018-25001

The CVE-2018-25001 issue affects the Rust crate libpulse-binding prior to version 2.5.0, where proplist::Iterator can cause a use-after-free by mismanaging the lifetime between Proplist and its iterator. Public references and advisories (e.g., GHSA-f56g-chqp-22m9 and GHSA-6GVC-4JVJ-PWQ4) describe...

CVE-2018-25028

CVE-2018-25028 affecting the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in get_context (memory corruption risk) due to improper handling of underlying C objects. Public sources consistently describe this as a use-after-free vulnerability in the library, with multipl...

CVE-2018-25027

CVE-2018-25027 affects the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in objects returned by get_format_info (and get_context per related advisories), leading to potential memory safety problems in PulseAudio bindings. Affected component: libpulse-binding (Rust crat...