CVE-2018-6917

EUVD-2018-18661
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
10.0 ≤
𝑥
< 10.4
freebsdfreebsd
11.0 ≤
𝑥
< 11.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103668
http://www.securitytracker.com/id/1040629
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc
http://www.securityfocus.com/bid/103668
http://www.securitytracker.com/id/1040629
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc