Search
Total
3447 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7161 | 2 Apple, Canonical | 2 Safari, Ubuntu Linux | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. | |||||
| CVE-2016-2118 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2019-09-27 | 6.8 MEDIUM | 7.5 HIGH |
| The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." | |||||
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 8 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-09-27 | 4.6 MEDIUM | 7.8 HIGH |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | |||||
| CVE-2019-7308 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2019-09-24 | 4.7 MEDIUM | 5.6 MEDIUM |
| kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | |||||
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2019-09-24 | 10.0 HIGH | 9.8 CRITICAL |
| mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
| CVE-2018-10839 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2019-09-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. | |||||
| CVE-2019-15717 | 2 Canonical, Irssi | 2 Ubuntu Linux, Irssi | 2019-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | |||||
| CVE-2018-20551 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | |||||
| CVE-2018-19824 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-09-10 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | |||||
| CVE-2018-20679 | 2 Busybox, Canonical | 2 Busybox, Ubuntu Linux | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. | |||||
| CVE-2019-5747 | 2 Busybox, Canonical | 2 Busybox, Ubuntu Linux | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | |||||
| CVE-2019-9850 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-9851 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-3701 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-09-03 | 4.9 MEDIUM | 4.4 MEDIUM |
| An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. | |||||
| CVE-2018-5738 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. | |||||
| CVE-2019-15133 | 2 Canonical, Giflib Project | 2 Ubuntu Linux, Giflib | 2019-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. | |||||
| CVE-2018-13043 | 2 Canonical, Debian | 2 Ubuntu Linux, Devscripts | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | |||||
| CVE-2017-16642 | 4 Canonical, Debian, Netapp and 1 more | 5 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 2 more | 2019-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. | |||||
| CVE-2018-14851 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | |||||
| CVE-2018-10548 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. | |||||
| CVE-2018-10549 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | |||||
| CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
| CVE-2018-7584 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. | |||||
| CVE-2018-5712 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | |||||
| CVE-2018-10545 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | |||||
| CVE-2017-14166 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2019-08-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | |||||
| CVE-2018-20169 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. | |||||
| CVE-2018-14609 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. | |||||
| CVE-2018-14617 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. | |||||
| CVE-2018-11780 | 4 Apache, Canonical, Debian and 1 more | 4 Spamassassin, Ubuntu Linux, Debian Linux and 1 more | 2019-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | |||||
| CVE-2018-11781 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2019-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | |||||
| CVE-2018-15854 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | |||||
| CVE-2018-17581 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | |||||
| CVE-2018-18585 | 5 Canonical, Debian, Kyzer and 2 more | 5 Ubuntu Linux, Debian Linux, Libmspack and 2 more | 2019-08-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | |||||
| CVE-2018-18661 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | |||||
| CVE-2018-19059 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. | |||||
| CVE-2018-19060 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. | |||||
| CVE-2018-19149 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | |||||
| CVE-2018-17336 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Udisks | 2019-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. | |||||
| CVE-2018-16842 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2019-08-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | |||||
| CVE-2018-16658 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-08-06 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. | |||||
| CVE-2018-19788 | 3 Canonical, Debian, Polkit Project | 3 Ubuntu Linux, Debian Linux, Polkit | 2019-08-06 | 9.0 HIGH | 8.8 HIGH |
| A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | |||||
| CVE-2018-15864 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | |||||
| CVE-2018-15863 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | |||||
| CVE-2018-15862 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | |||||
| CVE-2018-15861 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | |||||
| CVE-2018-20532 | 2 Canonical, Opensuse | 2 Ubuntu Linux, Libsolv | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | |||||
| CVE-2018-20533 | 2 Canonical, Opensuse | 2 Ubuntu Linux, Libsolv | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | |||||
| CVE-2018-15859 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | |||||
| CVE-2018-15857 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2019-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | |||||