CVE-2018-6917

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.1-STABLE FreeBSD versions prior to 11.1-RELEASE-p9 FreeBSD versions prior to 10.4-STABLE FreeBSD versions prior to 10.4-RELEASE-p8 FreeBSD versions prior to 10.3-RELEASE-p28

Description The issue arises from insufficient validation of user-provided font parameters, resulting in an integer overflow. This overflow leads to the use of arbitrary kernel memory as glyph data, potentially allowing unprivileged users to access privileged kernel data.

Recommendations For versions prior to 11.1-STABLE, update to 11.1-STABLE or later. For versions prior to 11.1-RELEASE-p9, update to 11.1-RELEASE-p9 or later. For versions prior to 10.4-STABLE, update to 10.4-STABLE or later. For versions prior to 10.4-RELEASE-p8, update to 10.4-RELEASE-p8 or later. For versions prior to 10.3-RELEASE-p28, update to 10.3-RELEASE-p28 or later.