PT-2018-15602 · Pulseaudio · Libpulse

Published: 2018-12-22 · Updated: 2024-02-03 · CVE-2018-25001

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

libpulse-binding versions prior to 2.5.0

Description

Property list iteration is affected by a use-after-free. No lifetime constraint ties a proplist::Iterator to the Proplist object it was created for, so a user can destroy the Proplist before the iterator. Doing so destroys the underlying C object the iterator works on before the iterator may be finished with it.

Recommendations

To resolve the issue, update to version 2.5.0 or newer. As a temporary workaround until a patch is available, consider ensuring that the Proplist object is not destroyed before the proplist::Iterator is finished with it.
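
The missing constraint described above, shown as an added example that is not libpulse-binding's own code: `RawList`, `PropStore`, `KeyIter` and `collect_keys` are hypothetical names, and a heap-allocated `RawList` stands in for the C object. The `PhantomData<&'a PropStore>` field ties the iterator's lifetime to its owner, so dropping the owner first fails to compile.

```rust
use std::marker::PhantomData;

// Constructed stand-in for the C-side object reached through a raw pointer.
struct RawList { keys: Vec<String> }

// Hypothetical owner: frees the underlying object when dropped.
pub struct PropStore { ptr: *mut RawList }

// Hypothetical iterator. Without `'a` and `_owner` it would hold only a bare
// pointer, and safe code could drop the PropStore while it is still in use.
pub struct KeyIter<'a> { ptr: *const RawList, pos: usize, _owner: PhantomData<&'a PropStore> }

impl PropStore {
    pub fn new(keys: &[&str]) -> Self {
        let raw = RawList { keys: keys.iter().map(|k| k.to_string()).collect() };
        PropStore { ptr: Box::into_raw(Box::new(raw)) }
    }
    // The iterator borrows `self` for 'a, so `self` must outlive it.
    pub fn iter<'a>(&'a self) -> KeyIter<'a> {
        KeyIter { ptr: self.ptr as *const RawList, pos: 0, _owner: PhantomData }
    }
}

impl Drop for PropStore {
    fn drop(&mut self) {
        // SAFETY: ptr came from Box::into_raw in new() and is freed exactly once.
        unsafe { drop(Box::from_raw(self.ptr)) }
    }
}

impl<'a> Iterator for KeyIter<'a> {
    type Item = String;
    fn next(&mut self) -> Option<String> {
        // SAFETY: 'a keeps the PropStore, and so the allocation, alive here.
        let list = unsafe { &*self.ptr };
        let key = list.keys.get(self.pos).cloned();
        self.pos += 1;
        key
    }
}

pub fn collect_keys(keys: &[&str]) -> Vec<String> {
    let store = PropStore::new(keys);
    let it = store.iter();
    // drop(store); // rejected by the compiler: E0505, `store` is still borrowed
    it.collect()
}

fn main() { println!("{:?}", collect_keys(&["application.name", "media.role"])); } // constructed keys
```

Uncommenting the `drop(store)` line turns the use-after-free into a compile error instead of a runtime memory-safety bug.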

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2018-25001
GHSA-6GVC-4JVJ-PWQ4
GHSA-F56G-CHQP-22M9
RUSTSEC-2018-0020

Affected Products

Libpulse