======================================================================
X.Org Security Advisory: Wed 3, 2025

Issues in xkbcomp prior to version 1.5.0
======================================================================

Multiple issues have been found in xkbcomp that have previously been
published as CVEs in libxkbcommon. libxkbcommon is (to some degree) a
fork of xkbcomp and some of the code base is identical.

These CVEs were published earlier as:

- CVE-2018-15853: Endless recursion in xkbcomp/expr.c resulting in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/da8367645

- CVE-2018-15859: NULL pointer dereference when parsing invalid atoms in
  ExprResolveLhs resulting in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/895e080b2

- CVE-2018-15861: NULL pointer dereference in ExprResolveLhs resulting in
  a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/c34263540

- CVE-2018-15863: NULL pointer dereference in ResolveStateAndPredicate
  resulting in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/fa10dbc2c

These four issues also affect xkbcomp. As the issues have been
effectively public for a while, there is no embargo.

xkbcomp 1.5.0 is available now and contains these fixes.

Many thanks to Pierre Le Marre for finding these issues in xkbcomp.
