Integer Overflow Vulnerability in FreeBSD

Integer Overflow Vulnerability in FreeBSD

CVE-2018-6917 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.

Learn more about our User Device Pen Test.