ID CVE-2018-15864
Summary Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
References
Vulnerable Configurations
  • cpe:2.3:a:xkbcommon:libxkbcommon:*:*:*:*:*:*:*:*
  • cpe:2.3:a:xkbcommon:xkbcommon:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
CVSS
Base: 2.1 (as of 06-08-2019 - 17:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1724300
title visual lag and screen update delays with libX11
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment libxkbcommon is earlier than 0:0.7.1-3.el7
          oval oval:com.redhat.rhsa:tst:20192079001
        • comment libxkbcommon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865008
      • AND
        • comment libxkbcommon-devel is earlier than 0:0.7.1-3.el7
          oval oval:com.redhat.rhsa:tst:20192079003
        • comment libxkbcommon-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865010
      • AND
        • comment libxkbcommon-x11 is earlier than 0:0.7.1-3.el7
          oval oval:com.redhat.rhsa:tst:20192079005
        • comment libxkbcommon-x11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865012
      • AND
        • comment libxkbcommon-x11-devel is earlier than 0:0.7.1-3.el7
          oval oval:com.redhat.rhsa:tst:20192079007
        • comment libxkbcommon-x11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865014
      • AND
        • comment xorg-x11-drv-vesa is earlier than 0:2.4.0-3.el7
          oval oval:com.redhat.rhsa:tst:20192079009
        • comment xorg-x11-drv-vesa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376078
      • AND
        • comment mesa-libGLw is earlier than 0:8.0.0-5.el7
          oval oval:com.redhat.rhsa:tst:20192079011
        • comment mesa-libGLw is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192079012
      • AND
        • comment mesa-libGLw-devel is earlier than 0:8.0.0-5.el7
          oval oval:com.redhat.rhsa:tst:20192079013
        • comment mesa-libGLw-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192079014
      • AND
        • comment gdm is earlier than 1:3.28.2-16.el7
          oval oval:com.redhat.rhsa:tst:20192079015
        • comment gdm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110395002
      • AND
        • comment gdm-devel is earlier than 1:3.28.2-16.el7
          oval oval:com.redhat.rhsa:tst:20192079017
        • comment gdm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172128010
      • AND
        • comment gdm-pam-extensions-devel is earlier than 1:3.28.2-16.el7
          oval oval:com.redhat.rhsa:tst:20192079019
        • comment gdm-pam-extensions-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183140834
      • AND
        • comment libX11 is earlier than 0:1.6.7-2.el7
          oval oval:com.redhat.rhsa:tst:20192079021
        • comment libX11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436062
      • AND
        • comment libX11-common is earlier than 0:1.6.7-2.el7
          oval oval:com.redhat.rhsa:tst:20192079023
        • comment libX11-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436064
      • AND
        • comment libX11-devel is earlier than 0:1.6.7-2.el7
          oval oval:com.redhat.rhsa:tst:20192079025
        • comment libX11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436066
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079027
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376182
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079029
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376184
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079031
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376186
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079033
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376188
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079035
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376190
      • AND
        • comment xorg-x11-server-Xwayland is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079037
        • comment xorg-x11-server-Xwayland is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183059212
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079039
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376192
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079041
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376194
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.20.4-7.el7
          oval oval:com.redhat.rhsa:tst:20192079043
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376196
      • AND
        • comment xorg-x11-drv-ati is earlier than 0:19.0.1-2.el7
          oval oval:com.redhat.rhsa:tst:20192079045
        • comment xorg-x11-drv-ati is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376092
      • AND
        • comment xorg-x11-drv-wacom is earlier than 0:0.36.1-3.el7
          oval oval:com.redhat.rhsa:tst:20192079047
        • comment xorg-x11-drv-wacom is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376120
      • AND
        • comment xorg-x11-drv-wacom-devel is earlier than 0:0.36.1-3.el7
          oval oval:com.redhat.rhsa:tst:20192079049
        • comment xorg-x11-drv-wacom-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376122
rhsa
id RHSA-2019:2079
released 2019-08-06
severity Moderate
title RHSA-2019:2079: Xorg security and bug fix update (Moderate)
rpms
  • gdm-1:3.28.2-16.el7
  • gdm-debuginfo-1:3.28.2-16.el7
  • gdm-devel-1:3.28.2-16.el7
  • gdm-pam-extensions-devel-1:3.28.2-16.el7
  • libX11-0:1.6.7-2.el7
  • libX11-common-0:1.6.7-2.el7
  • libX11-debuginfo-0:1.6.7-2.el7
  • libX11-devel-0:1.6.7-2.el7
  • libxkbcommon-0:0.7.1-3.el7
  • libxkbcommon-debuginfo-0:0.7.1-3.el7
  • libxkbcommon-devel-0:0.7.1-3.el7
  • libxkbcommon-x11-0:0.7.1-3.el7
  • libxkbcommon-x11-devel-0:0.7.1-3.el7
  • mesa-libGLw-0:8.0.0-5.el7
  • mesa-libGLw-debuginfo-0:8.0.0-5.el7
  • mesa-libGLw-devel-0:8.0.0-5.el7
  • xorg-x11-drv-ati-0:19.0.1-2.el7
  • xorg-x11-drv-ati-debuginfo-0:19.0.1-2.el7
  • xorg-x11-drv-vesa-0:2.4.0-3.el7
  • xorg-x11-drv-vesa-debuginfo-0:2.4.0-3.el7
  • xorg-x11-drv-wacom-0:0.36.1-3.el7
  • xorg-x11-drv-wacom-debuginfo-0:0.36.1-3.el7
  • xorg-x11-drv-wacom-devel-0:0.36.1-3.el7
  • xorg-x11-server-Xdmx-0:1.20.4-7.el7
  • xorg-x11-server-Xephyr-0:1.20.4-7.el7
  • xorg-x11-server-Xnest-0:1.20.4-7.el7
  • xorg-x11-server-Xorg-0:1.20.4-7.el7
  • xorg-x11-server-Xvfb-0:1.20.4-7.el7
  • xorg-x11-server-Xwayland-0:1.20.4-7.el7
  • xorg-x11-server-common-0:1.20.4-7.el7
  • xorg-x11-server-debuginfo-0:1.20.4-7.el7
  • xorg-x11-server-devel-0:1.20.4-7.el7
  • xorg-x11-server-source-0:1.20.4-7.el7
refmap via4
gentoo GLSA-201810-05
misc
ubuntu
  • USN-3786-1
  • USN-3786-2
Last major update 06-08-2019 - 17:15
Published 25-08-2018 - 21:29
Last modified 06-08-2019 - 17:15