CVE-2018-15856

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
xkbcommonxkbcommon
𝑥
< 0.8.1
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxkbcommon
bookworm
1.5.0-1
fixed
bullseye
1.0.3-2
fixed
jessie
no-dsa
sid
1.6.0-1
fixed
stretch
ignored
trixie
1.6.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxkbcommon
bionic
Fixed 0.8.0-1ubuntu0.1
released
cosmic
not-affected
trusty
Fixed 0.4.1-0ubuntu1.1
released
xenial
Fixed 0.5.0-1ubuntu2.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libxkbcommon-devel
suse enterprise desktop 15
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP1
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP2
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP3
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise desktop 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise sap 15
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP1
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP2
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP3
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise sap 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise server 15
0.8.2-3.3.1
fixed
suse enterprise server 15 SP1
0.8.2-3.3.1
fixed
suse enterprise server 15 SP2
0.8.2-3.3.1
fixed
suse enterprise server 15 SP3
0.8.2-3.3.1
fixed
suse enterprise server 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise server 15 SP7
1.5.0-150600.3.3.1
fixed
libxkbcommon-x11-0
suse enterprise desktop 15
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP1
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP2
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP3
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise desktop 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise sap 12 SP5
0.6.1-9.3.1
fixed
suse enterprise sap 15
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP1
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP2
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP3
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise sap 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise server 12 SP3
0.6.1-9.3.1
fixed
suse enterprise server 12 SP5
0.6.1-9.3.1
fixed
suse enterprise server 15
0.8.2-3.3.1
fixed
suse enterprise server 15 SP1
0.8.2-3.3.1
fixed
suse enterprise server 15 SP2
0.8.2-3.3.1
fixed
suse enterprise server 15 SP3
0.8.2-3.3.1
fixed
suse enterprise server 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise server 15 SP7
1.5.0-150600.3.3.1
fixed
libxkbcommon-x11-0-32bit
suse enterprise sap 12 SP5
0.6.1-9.3.1
fixed
suse enterprise server 12 SP3
0.6.1-9.3.1
fixed
suse enterprise server 12 SP5
0.6.1-9.3.1
fixed
libxkbcommon-x11-devel
suse enterprise desktop 15
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP1
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP2
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP3
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise desktop 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise sap 15
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP1
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP2
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP3
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise sap 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise server 15
0.8.2-3.3.1
fixed
suse enterprise server 15 SP1
0.8.2-3.3.1
fixed
suse enterprise server 15 SP2
0.8.2-3.3.1
fixed
suse enterprise server 15 SP3
0.8.2-3.3.1
fixed
suse enterprise server 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise server 15 SP7
1.5.0-150600.3.3.1
fixed
libxkbcommon0
suse enterprise desktop 15
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP1
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP2
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP3
0.8.2-3.3.1
fixed
suse enterprise desktop 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise desktop 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise sap 12 SP5
0.6.1-9.3.1
fixed
suse enterprise sap 15
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP1
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP2
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP3
0.8.2-3.3.1
fixed
suse enterprise sap 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise sap 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise server 12 SP3
0.6.1-9.3.1
fixed
suse enterprise server 12 SP5
0.6.1-9.3.1
fixed
suse enterprise server 15
0.8.2-3.3.1
fixed
suse enterprise server 15 SP1
0.8.2-3.3.1
fixed
suse enterprise server 15 SP2
0.8.2-3.3.1
fixed
suse enterprise server 15 SP3
0.8.2-3.3.1
fixed
suse enterprise server 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise server 15 SP7
1.5.0-150600.3.3.1
fixed
libxkbcommon0-32bit
suse enterprise sap 12 SP5
0.6.1-9.3.1
fixed
suse enterprise server 12 SP3
0.6.1-9.3.1
fixed
suse enterprise server 12 SP5
0.6.1-9.3.1
fixed
libxkbregistry-devel
suse enterprise desktop 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise desktop 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise sap 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise sap 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise server 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise server 15 SP7
1.5.0-150600.3.3.1
fixed
libxkbregistry0
suse enterprise desktop 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise desktop 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise desktop 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise sap 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise sap 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise sap 15 SP7
1.5.0-150600.3.3.1
fixed
suse enterprise server 15 SP4
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP5
1.3.0-150400.1.13
fixed
suse enterprise server 15 SP6
1.5.0-150600.1.5
fixed
suse enterprise server 15 SP7
1.5.0-150600.3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gdm
RHEL 7
1:3.28.2-16.el7
fixed
gdm-devel
RHEL 7
1:3.28.2-16.el7
fixed
gdm-pam-extensions-devel
RHEL 7
1:3.28.2-16.el7
fixed
libX11
RHEL 7
0:1.6.7-2.el7
fixed
libX11-common
RHEL 7
0:1.6.7-2.el7
fixed
libX11-devel
RHEL 7
0:1.6.7-2.el7
fixed
libxkbcommon
RHEL 7
0:0.7.1-3.el7
fixed
libxkbcommon-devel
RHEL 7
0:0.7.1-3.el7
fixed
libxkbcommon-x11
RHEL 7
0:0.7.1-3.el7
fixed
libxkbcommon-x11-devel
RHEL 7
0:0.7.1-3.el7
fixed
mesa-libGLw
RHEL 7
0:8.0.0-5.el7
fixed
mesa-libGLw-devel
RHEL 7
0:8.0.0-5.el7
fixed
xorg-x11-drv-ati
RHEL 7
0:19.0.1-2.el7
fixed
xorg-x11-drv-vesa
RHEL 7
0:2.4.0-3.el7
fixed
xorg-x11-drv-wacom
RHEL 7
0:0.36.1-3.el7
fixed
xorg-x11-drv-wacom-devel
RHEL 7
0:0.36.1-3.el7
fixed
xorg-x11-server-Xdmx
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xephyr
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xnest
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xorg
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xvfb
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-Xwayland
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-common
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-devel
RHEL 7
0:1.20.4-7.el7
fixed
xorg-x11-server-source
RHEL 7
0:1.20.4-7.el7
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2079
https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
https://security.gentoo.org/glsa/201810-05
https://usn.ubuntu.com/3786-1/
https://usn.ubuntu.com/3786-2/
https://access.redhat.com/errata/RHSA-2019:2079
https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
https://security.gentoo.org/glsa/201810-05
https://usn.ubuntu.com/3786-1/
https://usn.ubuntu.com/3786-2/