Bug#1122063: x11-xkb-utils: CVE-2018-15853 CVE-2018-15859 CVE-2018-15861 CVE-2018-15863
Source: x11-xkb-utils
Version: 7.7+9
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 7.7+7
Hi,

The following vulnerabilities were published for x11-xkb-utils
(specifically in xkbcomp).

CVE-2018-15853[0]:
| Endless recursion exists in xkbcomp/expr.c in xkbcommon and
| libxkbcommon before 0.8.1, which could be used by local attackers to
| crash xkbcommon users by supplying a crafted keymap file that
| triggers boolean negation.

CVE-2018-15859[1]:
| Unchecked NULL pointer usage when parsing invalid atoms in
| ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be
| used by local attackers to crash (NULL pointer dereference) the
| xkbcommon parser by supplying a crafted keymap file, because lookup
| failures are mishandled.

CVE-2018-15861[2]:
| Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in
| xkbcommon before 0.8.2 could be used by local attackers to crash
| (NULL pointer dereference) the xkbcommon parser by supplying a
| crafted keymap file that triggers an xkb_intern_atom failure.

CVE-2018-15863[3]:
| Unchecked NULL pointer usage in ResolveStateAndPredicate in
| xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local
| attackers to crash (NULL pointer dereference) the xkbcommon parser
| by supplying a crafted keymap file with a no-op modmask expression.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-15853
    https://www.cve.org/CVERecord?id=CVE-2018-15853
[1] https://security-tracker.debian.org/tracker/CVE-2018-15859
    https://www.cve.org/CVERecord?id=CVE-2018-15859
[2] https://security-tracker.debian.org/tracker/CVE-2018-15861
    https://www.cve.org/CVERecord?id=CVE-2018-15861
[3] https://security-tracker.debian.org/tracker/CVE-2018-15863
    https://www.cve.org/CVERecord?id=CVE-2018-15863
[4] https://www.openwall.com/lists/oss-security/2025/12/03/1

Regards,
Salvatore
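The four CVEs above describe two defect classes in a keymap expression resolver: unbounded recursion when evaluating nested boolean negation, and dereferencing the result of an atom lookup without checking for failure. The following is an added example, not part of the bug report and not xkbcomp's or libxkbcommon's code: a toy expression resolver, with hypothetical names (`intern_atom`, `resolve_expr`, `MAX_EXPR_DEPTH`, the `known_atoms` table), that shows the hardened shape a maintainer would want. A failed lookup is reported as an error code instead of being dereferenced, and recursion depth is bounded so that a self-referential or very deep negation chain fails cleanly instead of exhausting the stack.

```c
/* Added example: a constructed, hypothetical expression resolver that
 * handles the two failure modes named in the report. Not xkbcomp code. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_EXPR_DEPTH 64   /* hypothetical nesting bound for the toy resolver */

enum expr_op { EXPR_IDENT, EXPR_NOT };

struct expr {
    enum expr_op op;
    const char *name;          /* used by EXPR_IDENT */
    const struct expr *child;  /* used by EXPR_NOT */
};

enum resolve_status {
    RESOLVE_OK = 0,
    RESOLVE_UNKNOWN_ATOM = -1,  /* lookup failed; reported, not dereferenced */
    RESOLVE_TOO_DEEP = -2,      /* recursion bound hit (cycle or deep nesting) */
    RESOLVE_BAD_NODE = -3       /* malformed tree node */
};

/* Constructed atom table standing in for a real intern/lookup step. */
static const char *known_atoms[] = { "Shift", "Control", "Lock", NULL };

/* Lookup that can fail: returns NULL for an unknown name, as a real
 * intern routine can when it cannot allocate or find the atom. */
static const char *intern_atom(const char *name) {
    for (size_t i = 0; known_atoms[i] != NULL; i++)
        if (strcmp(known_atoms[i], name) == 0)
            return known_atoms[i];
    return NULL;
}

/* Resolves e to an atom plus negation parity. Every pointer that can be
 * NULL is checked before use, and depth is bounded on each recursive call. */
static int resolve_expr(const struct expr *e, unsigned depth,
                        const char **out, int *negated) {
    if (e == NULL)
        return RESOLVE_BAD_NODE;
    if (depth > MAX_EXPR_DEPTH)
        return RESOLVE_TOO_DEEP;
    switch (e->op) {
    case EXPR_IDENT: {
        if (e->name == NULL)
            return RESOLVE_BAD_NODE;
        const char *atom = intern_atom(e->name);
        if (atom == NULL)              /* the check the report says was missing */
            return RESOLVE_UNKNOWN_ATOM;
        *out = atom;
        return RESOLVE_OK;
    }
    case EXPR_NOT: {
        int rc = resolve_expr(e->child, depth + 1, out, negated);
        if (rc != RESOLVE_OK)
            return rc;                 /* propagate instead of continuing on NULL */
        *negated = !*negated;
        return RESOLVE_OK;
    }
    }
    return RESOLVE_BAD_NODE;
}

int resolve(const struct expr *e, const char **out, int *negated) {
    *out = NULL;
    *negated = 0;
    return resolve_expr(e, 0, out, negated);
}

/* Builds a chain of n negations over identifier `name` (constructed input)
 * and resolves it; a deep chain models a crafted keymap with nested "!". */
int resolve_negation_chain(const char *name, unsigned n,
                           const char **out, int *negated) {
    struct expr *nodes = calloc((size_t)n + 1, sizeof *nodes);
    if (nodes == NULL)
        return RESOLVE_BAD_NODE;
    nodes[n].op = EXPR_IDENT;
    nodes[n].name = name;
    for (unsigned i = 0; i < n; i++) {
        nodes[i].op = EXPR_NOT;
        nodes[i].child = &nodes[i + 1];
    }
    int rc = resolve(&nodes[0], out, negated);
    free(nodes);   /* *out points into known_atoms, so it stays valid */
    return rc;
}

/* A node that negates itself: an unbounded resolver would recurse forever. */
int resolve_cyclic(void) {
    struct expr self = { EXPR_NOT, NULL, NULL };
    self.child = &self;
    const char *out;
    int negated;
    return resolve(&self, &out, &negated);
}

int main(void) {
    const char *out;
    int negated;
    printf("!!!Shift      -> rc=%d\n", resolve_negation_chain("Shift", 3, &out, &negated));
    printf("!NoSuchAtom   -> rc=%d\n", resolve_negation_chain("NoSuchAtom", 1, &out, &negated));
    printf("200 x '!'     -> rc=%d\n", resolve_negation_chain("Shift", 200, &out, &negated));
    printf("self-negation -> rc=%d\n", resolve_cyclic());
    return 0;
}
```

The point of the example is the two return paths marked in comments: an unknown or unallocatable atom surfaces as `RESOLVE_UNKNOWN_ATOM` at the call site that would otherwise have dereferenced NULL, and the depth counter turns a cyclic or overly deep negation tree into `RESOLVE_TOO_DEEP` rather than a stack overflow. A resolver that treats keymap files as untrusted input needs both checks; a parse error on a bad file is the desired outcome.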