In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103668 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040629 | Third Party Advisory VDB Entry |
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: freebsd
Published: 2018-04-04T00:00:00
Updated: 2018-04-06T09:57:01
Reserved: 2018-02-12T00:00:00
Link: CVE-2018-6917
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-04T14:29:00.247
Modified: 2018-05-24T18:02:51.990
Link: CVE-2018-6917
JSON object: View
Redhat Information
No data.
CWE