CVE-2018-15861

Published: 8/25/2018 Last updated: 8/5/2024 Reserved: 8/24/2018

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-xkbcommon

Products affected (1)

Product	Vendor	Version
n/a	n/a	2008 R2 for Itanium-Based Systems Service Pack 1

References (12)

https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
https://usn.ubuntu.com/3786-2/
https://access.redhat.com/errata/RHSA-2019:2079
https://security.gentoo.org/glsa/201810-05
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
https://usn.ubuntu.com/3786-1/
https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
https://usn.ubuntu.com/3786-2/
https://access.redhat.com/errata/RHSA-2019:2079
https://security.gentoo.org/glsa/201810-05
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
https://usn.ubuntu.com/3786-1/