Vulnerability Description
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | >= 10.0, < 10.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103668 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040629 (Third Party Advisory, VDB Entry)
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc (Vendor Advisory)
FAQ
What is CVE-2018-6917?
CVE-2018-6917 is a vulnerability with a CVSS score of 7.5 (HIGH). In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading t...
How severe is CVE-2018-6917?
CVE-2018-6917 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-6917?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD.