Red Hat Bugzilla – Bug 1623013
CVE-2018-15855 libxkbcommon: NULL pointer dereference when handling xkb_geometry
Last modified: 2018-10-25 10:09:22 EDT
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. Upstream patch: https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff References: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
The parser implemented in parser.y returns NULL when a xkb_geometry FileType is parsed, but some parts of the code, like parser.y:parse(), do not handle NULL values, causing the application to crash.