CVE-2018-15857Use After Free in Libxkbcommon

CWE-416Use After Free10 documents7 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.1%
top 81.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Xkbcommon LibxkbcommonXkbcommonDebian Libxkbcommon+1 more
Timeline
PublishedAug 25
Latest updateMay 14

Description

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDxkbcommon/xkbcommon< 0.8.1
debiandebian/libxkbcommon< libxkbcommon 0.8.2-1 (bookworm)
Debianxkbcommon/libxkbcommon< 0.8.2-1+3
Ubuntuxkbcommon/libxkbcommon< 0.4.1-0ubuntu1.1+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.comPatch: lists.freedesktop.orgPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-8vxx-7whg-r47h: An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build2022-05-14
OSV
libxkbcommon vulnerabilities2018-11-06
OSV
libxkbcommon vulnerabilities2018-10-08
OSV
CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build2018-08-25

📋Vendor Advisories

4
Ubuntu
libxkbcommon vulnerabilities2018-11-06
Ubuntu
libxkbcommon vulnerabilities2018-10-08
Red Hat
libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash2018-07-30
Debian
CVE-2018-15857: libxkbcommon - An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon...2018

💬Community

1
Bugzilla
CVE-2018-15857 libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash2018-08-28