{"id":"CVE-2018-15854","details":"Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.","modified":"2026-03-15T14:29:53.827155Z","published":"2018-08-25T21:29:01.593Z","related":["MGASA-2018-0369","SUSE-SU-2018:3685-1","SUSE-SU-2024:0037-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2079"},{"type":"ADVISORY","url":"https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201810-05"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3786-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3786-2/"},{"type":"FIX","url":"https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xkbcommon/libxkbcommon","events":[{"introduced":"0"},{"fixed":"87046f56efc89d3b0771df9b4fefcda39ade3dd1"},{"fixed":"e3cacae7b1bfda0d839c280494f23284a1187adf"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8.1"}]}}],"versions":["xkbcommon-0.2.0","xkbcommon-0.3.0","xkbcommon-0.3.1","xkbcommon-0.3.2","xkbcommon-0.4.0","xkbcommon-0.4.1","xkbcommon-0.4.2","xkbcommon-0.4.3","xkbcommon-0.5.0","xkbcommon-0.6.0","xkbcommon-0.6.1","xkbcommon-0.7.0","xkbcommon-0.7.1","xkbcommon-0.7.2","xkbcommon-0.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15854.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"vanir_signatures":[{"target":{"file":"src/xkbcomp/ast.h"},"digest":{"threshold":0.9,"line_hashes":["246668354826189783287622017382880698255","50264401089463712014793335532613509016","193572055833301283186130770852473589071","75768718557879718433513182767538078376","94688013004790728306344486117748107449","130058130792014441517702719593814964832","109258994702549565769254788619110575733"]},"source":"https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf","id":"CVE-2018-15854-34fc12bc","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"target":{"file":"src/xkbcomp/ast-build.h"},"digest":{"threshold":0.9,"line_hashes":["337610187088446293266228536635368987338","263711999615519336787718363883417692405","39229216897454649471404094564958117855"]},"source":"https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf","id":"CVE-2018-15854-7c50bc5a","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"target":{"file":"src/xkbcomp/ast-build.c"},"digest":{"threshold":0.9,"line_hashes":["266697308492379725541600439398106331312","89135738776443511015244029387203105237","32002661022502531897837161557645378982","245169884622541596279721827977644780293","116715768090766867253820390827495717241","337746730670757975616325882490903404079","119053655197065402274231304054740175390"]},"source":"https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf","id":"CVE-2018-15854-7e1227cd","signature_type":"Line","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}