CVE-2018-15864
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
| Software | From | Fixed in |
|---|---|---|
| xkbcommon / xkbcommon | - | 0.8.1.x |
| xkbcommon / libxkbcommon | - | 0.8.1.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
- https://access.redhat.com/errata/RHSA-2019:2079
- https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2
- https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
- https://security.gentoo.org/glsa/201810-05
- https://usn.ubuntu.com/3786-1/
- https://usn.ubuntu.com/3786-2/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime