libxkbcommon Endless Recursion Denial of Service Vulnerability

By GIXnews

A vulnerability in the xkbcomp/expr.c source code file of libxkbcommon could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an endless recursion error in the xkbcomp/expr.c source code file of the affected software. A local attacker could exploit this vulnerability by supplying a crafted keymap file that passes malicious input to an affected system. A successful exploit could cause the targeted system to crash, resulting in a DoS condition.

The vendor has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-15853

Source: Cisco Multivendor Vulnerability Alerts