Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu1 | 1:8.0-0ubuntu1 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu2 | 1:8.0-0ubuntu2 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3 | 1:8.0-0ubuntu3 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.1 | 1:8.0-0ubuntu3.1 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.2 | 1:8.0-0ubuntu3.2 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.3 | 1:8.0-0ubuntu3.3 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.4 | 1:8.0-0ubuntu3.4 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.5 | 1:8.0-0ubuntu3.5 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.6 | 1:8.0-0ubuntu3.6 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.7 | 1:8.0-0ubuntu3.7 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.8 | 1:8.0-0ubuntu3.8 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.9 | 1:8.0-0ubuntu3.9 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.10 | 1:8.0-0ubuntu3.10 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.11 | 1:8.0-0ubuntu3.11 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu3.12 | 1:8.0-0ubuntu3.12 |
Pulseaudio | Pulseaudio_project | 1:8.0-0ubuntu4 | 1:8.0-0ubuntu4 |