Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkbinternatom failure.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:xkbcommon:xkbcommon:*:*:*:*:*:*:*:*"
],
"vendor_product": "xkbcommon:xkbcommon",
"extracted_events": [
{
"last_affected": "0.8.1"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
],
"vendor_product": "canonical:ubuntu_linux",
"extracted_events": [
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:xkbcommon:libxkbcommon:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.8.1"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"175774263160934243552466536784463886460",
"29792962635781937238241845947226447142",
"122428947483686325534453935867743759180",
"262686909748002111389933887153581256306"
]
},
"target": {
"file": "src/xkbcomp/expr.c"
},
"id": "CVE-2018-15861-93523a78",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9",
"deprecated": false
},
{
"digest": {
"function_hash": "278895155981102000261140200257513622388",
"length": 772.0
},
"target": {
"function": "ExprResolveLhs",
"file": "src/xkbcomp/expr.c"
},
"id": "CVE-2018-15861-93f2b488",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15861.json"
"2026-07-08T20:30:12Z"