MidnightBSD

Advisories for pulseaudio_project

CVE-2020-15710 LOW

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 1.8 4.2
security@ubuntu.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H 1.0 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.6
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.7
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.3
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.5
pulseaudio_project pulseaudio 1:8.0-0ubuntu4
pulseaudio_project pulseaudio 1:8.0-0ubuntu3
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.12
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.10
pulseaudio_project pulseaudio 1:8.0-0ubuntu1
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.9
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.11
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.2
pulseaudio_project pulseaudio 1:8.0-0ubuntu2
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.4
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.1
pulseaudio_project pulseaudio 1:8.0-0ubuntu3.8