CVE-2018-15858

MEDIUM

libxkbcommon < 0.8.1 - Denial of Service via Crafted Keymap File

Title source: llm

Description

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

References (5)

Core 5

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f

View Patch ZIP pw:eip

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201810-05

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3786-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3786-2/

Mailing List, Patch, Third Party Advisory x_refsource_misc

https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (5)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

xkbcommon/libxkbcommon < 0.8.1

xkbcommon/xkbcommon < 0.8.1

Published Aug 25, 2018

Tracked Since Feb 18, 2026