CVE-2018-15854NULL Pointer Dereference in Project Xkbcommon

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Xkbcommon LibxkbcommonXkbcommon Project XkbcommonDebian Libxkbcommon+1 more
Timeline
PublishedAug 25
Latest updateMay 14

Description

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/libxkbcommon< libxkbcommon 0.8.2-1 (bookworm)
Debianxkbcommon/libxkbcommon< 0.8.2-1+3
Ubuntuxkbcommon/libxkbcommon< 0.4.1-0ubuntu1.1+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-6f5q-28vf-cqgr: Unchecked NULL pointer usage in xkbcommon before 02022-05-14
OSV
libxkbcommon vulnerabilities2018-11-06
OSV
libxkbcommon vulnerabilities2018-10-08
OSV
CVE-2018-15854: Unchecked NULL pointer usage in xkbcommon before 02018-08-25

📋Vendor Advisories

4
Ubuntu
libxkbcommon vulnerabilities2018-11-06
Ubuntu
libxkbcommon vulnerabilities2018-10-08
Red Hat
libxkbcommon: NULL pointer dereference resulting in a crash2018-03-10
Debian
CVE-2018-15854: libxkbcommon - Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local at...2018

💬Community

1
Bugzilla
CVE-2018-15854 libxkbcommon: NULL pointer dereference resulting in a crash2018-08-28