Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
{ "vanir_signatures": [ { "id": "CVE-2018-15853-4ce843d1", "digest": { "line_hashes": [ "38329813360607004553092467826760994406", "182458909361269598744252420272304667328", "265924496730946848593345593789483999581", "112869328122952996430498009101837060069" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "src/xkbcomp/expr.c" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a" }, { "id": "CVE-2018-15853-e0dd6fde", "digest": { "length": 1539.0, "function_hash": "209006827910055964214525848213169957960" }, "signature_type": "Function", "target": { "file": "src/xkbcomp/expr.c", "function": "ExprResolveBoolean" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a" } ] }