{
  "version": "1",
  "package": [
    {
      "name": "libxkbcommon",
      "layer": "meta",
      "version": "1.6.0",
      "products": [
        {
          "product": "libxkbcommon",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2018-15853",
          "summary": "Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15853"
        },
        {
          "id": "CVE-2018-15857",
          "summary": "An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.",
          "scorev2": "4.6",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15857"
        },
        {
          "id": "CVE-2018-15858",
          "summary": "Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15858"
        },
        {
          "id": "CVE-2018-15859",
          "summary": "Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15859"
        },
        {
          "id": "CVE-2018-15861",
          "summary": "Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15861"
        },
        {
          "id": "CVE-2018-15862",
          "summary": "Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15862"
        },
        {
          "id": "CVE-2018-15863",
          "summary": "Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15863"
        },
        {
          "id": "CVE-2018-15864",
          "summary": "Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.",
          "scorev2": "2.1",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-15864"
        }
      ]
    }
  ]
}