Summary
| Detail | |||
|---|---|---|---|
| Vendor | Xkbcommon | First view | 2018-08-25 |
| Product | Libxkbcommon | Last view | 2018-08-25 |
| Version | * | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:xkbcommon:libxkbcommon | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2018-08-25 | CVE-2018-15864 | Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. |
| 5.5 | 2018-08-25 | CVE-2018-15863 | Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. |
| 5.5 | 2018-08-25 | CVE-2018-15862 | Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. |
| 5.5 | 2018-08-25 | CVE-2018-15861 | Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. |
| 5.5 | 2018-08-25 | CVE-2018-15859 | Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. |
| 5.5 | 2018-08-25 | CVE-2018-15858 | Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. |
| 7.8 | 2018-08-25 | CVE-2018-15857 | An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. |
| 5.5 | 2018-08-25 | CVE-2018-15853 | Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 75% (6) | CWE-476 | NULL Pointer Dereference |
| 12% (1) | CWE-416 | Use After Free |
| 12% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4295467df0.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201810-05.nasl - Type: ACT_GATHER_INFO |
