CVE-2018-6917

Summary

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSDAll supported versions of FreeBSD.affected

Weaknesses

  • Kernel memory disclosure

ADP Enrichment

CVE Program Container

Additional References

References