CVE-2018-15857

Published: Aug 25, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

Affected (5)

Products: Xkbcommon: Libxkbcommon, Xkbcommon · Canonical: Ubuntu Linux

2 products

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Xkbcommon Libxkbcommon	Before 0.8.1
Xkbcommon Xkbcommon	Before 0.8.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

https://access.redhat.com/errata/RHSA-2019:2079

Source: cve@mitre.org

https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://security.gentoo.org/glsa/201810-05

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3786-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3786-2/

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2079