Debian Libxkbcommon vulnerabilities

CVE-2018-15864 [MEDIUM] CVE-2018-15864: libxkbcommon - Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon ... Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved

CVE-2018-15859 [MEDIUM] CVE-2018-15859: libxkbcommon - Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkb... Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed

CVE-2018-15862 [MEDIUM] CVE-2018-15862: libxkbcommon - Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon bef... Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in

CVE-2018-15858 [MEDIUM] CVE-2018-15858: libxkbcommon - Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKe... Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolv

CVE-2018-15861 [MEDIUM] CVE-2018-15861: libxkbcommon - Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon be... Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolve

CVE-2018-15853 [MEDIUM] CVE-2018-15853: libxkbcommon - Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before ... Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in 0.8.2-1) sid: resolved (fixe

CVE-2018-15856 [MEDIUM] CVE-2018-15856: libxkbcommon - An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the key... An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in 0.8.2-1) sid: resolved (fi

CVE-2018-15863 [MEDIUM] CVE-2018-15863: libxkbcommon - Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in ... Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: reso

CVE-2018-15857 [HIGH] CVE-2018-15857: libxkbcommon - An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon... An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in 0.8.2-1)

CVE-2018-15855 [MEDIUM] CVE-2018-15855: libxkbcommon - Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local at... Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in 0

CVE-2018-15854 [MEDIUM] CVE-2018-15854: libxkbcommon - Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local at... Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in 0.8.2-1) si