CVE-2018-15860

critical

Description

libxkbcommon 0.8.2 fixes CVE-2018-15853 through CVE-2018-15864, a number of memory handling issues in xkbcommon. Combined with the keymap FD handling in various Wayland compositors (keymaps could be mapped rw, so clients could replace the content), libxkbcommon's memory issues could serve as an attack vector to gain access to another client. Updating to 0.8.2 is a lot easier and safer than backporting all the patches, given the number of other fixes not (yet?) assigned a CVE.

Details

Source: Mitre, NVD

Published: 2018-08-24

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical