CVE-2018-6917
HIGHFreeBSD 10.0-10.3 - Integer Overflow in Font Parameter Validation
Title source: llmDescription
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103668
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040629
Scores
CVSS v3
7.5
EPSS
0.0096
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-190
Status
published
Products (1)
freebsd/freebsd
10.0 - 10.4
Published
Apr 04, 2018
Tracked Since
Feb 18, 2026