Vulnerabilities > CVE-2020-15710 - Double Free vulnerability in Pulseaudio Project Pulseaudio

CVSS 6.1 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

pulseaudio-project

CWE-415

NVD

Published: 2020-11-19

Updated: 2020-12-16

Summary

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

Vulnerable Configurations

Part	Description	Count
Application	Pulseaudio_Project Pulseaudio Project Pulseaudio 1\	16
OS	Canonical Canonical Ubuntu Linux 16.04	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://ubuntu.com/USN-4519-1
https://launchpad.net/bugs/1884738