Please sign in to comment.
Limit glyph count in vtfont_load to avoid integer overflow.
Invalid font data passed to PIO_VFONT can result in an integer overflow in glyphsize. Characters may then be drawn on the console using glyph map entries that point beyond the end of allocated glyph memory, resulting in a kernel memory disclosure. Submitted by: emaste Reported by: Dr. Silvio Cesare of InfoSect Security: CVE-2018-6917 Security: FreeBSD-SA-18:04.vt Sponsored by: The FreeBSD Foundation
- Loading branch information...