Aggregates CVE and security vulnerability intelligence across all xkbcommon-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk denial of service and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-15864 | Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | [email protected] | 5.5 | 0.04% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15863 | Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | [email protected] | 5.5 | 0.07% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15862 | Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | [email protected] | 5.5 | 0.04% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15861 | Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | [email protected] | 5.5 | 0.07% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15859 | Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | [email protected] | 5.5 | 0.08% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15858 | Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. | [email protected] | 5.5 | 0.08% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15857 | An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | [email protected] | 7.8 | 0.08% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15856 | An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | [email protected] | 5.5 | 0.04% | 2018-08-25 | 2024-11-21 |
| CVE-2018-15853 | Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | [email protected] | 5.5 | 0.07% | 2018-08-25 | 2024-11-21 |