Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2018-08-25 CVE-2018-15862 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
local
low complexity
xkbcommon canonical CWE-476
2.1
2018-08-25 CVE-2018-15861 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
local
low complexity
xkbcommon canonical CWE-476
2.1
2018-08-25 CVE-2018-15859 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
local
low complexity
xkbcommon canonical CWE-476
2.1
2018-08-25 CVE-2018-15858 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
local
low complexity
xkbcommon canonical CWE-476
2.1
2018-08-25 CVE-2018-15857 Use After Free vulnerability in multiple products
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
local
low complexity
xkbcommon canonical CWE-416
4.6
2018-08-25 CVE-2018-15856 Infinite Loop vulnerability in multiple products
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
local
low complexity
xkbcommon canonical CWE-835
2.1
2018-08-25 CVE-2018-15855 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
local
low complexity
xkbcommon-project canonical CWE-476
2.1
2018-08-25 CVE-2018-15854 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
local
low complexity
xkbcommon-project canonical CWE-476
2.1
2018-08-25 CVE-2018-15853 Resource Exhaustion vulnerability in multiple products
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
local
low complexity
xkbcommon canonical CWE-400
2.1
2018-08-24 CVE-2018-15120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
4.3