{"id":"RUSTSEC-2018-0021","summary":"Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods","details":"Affected versions contained a pair of use-after-free issues with the objects returned by the `get_format_info` and `get_context` methods of `Stream` objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.","aliases":["CVE-2018-25027","CVE-2018-25028","GHSA-ghpq-vjxw-ch5w","GHSA-hxjf-h2mh-r6hj","GHSA-jqpv-jm4m-86j9"],"modified":"2023-11-08T04:00:15.029606Z","published":"2018-06-15T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/libpulse-binding"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2018-0021.html"},{"type":"ADVISORY","url":"https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w"}],"affected":[{"package":{"name":"libpulse-binding","ecosystem":"crates.io","purl":"pkg:cargo/libpulse-binding"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.2.1"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":["libpulse_binding::stream::Stream::get_context","libpulse_binding::stream::Stream::get_format_info"]},"affected_functions":null},"database_specific":{"cvss":null,"informational":null,"categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2018-0021.json"}}],"schema_version":"1.7.3"}