CVE-2019-25055

Name of the Vulnerable Software and Affected Versions libpulse-binding crate versions prior to 2.6.0

Description An issue was discovered in the libpulse-binding crate where it mishandles a panic that crosses a Foreign Function Interface (FFI) boundary. The affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of undefined behavior (UB).

Recommendations For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of callbacks that cross FFI boundaries until a patch is available.