ASA-2019-00403 – FreeBSD: iconv buffer overflow

The iconv(3) API converts text data from one character encoding to another and is available as part of the standard C library (libc). With certain inputs, iconv may write beyond the end of the output buffer. Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library function and the nature of possible attacks will depend on the way in which iconv is used by applications or daemons.