freebsd FreeBSD 74DED00E-6007-11E6-A6C3-14DAE9D210B8
Dec 10, 2014 - 12:00 a.m.

FreeBSD -- Buffer overflow in stdio

2014-12-10 00:00:00
vuxml.freebsd.org

CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 33.5%

Problem Description:
A programming error in the standard I/O library’s __sflush() function could erroneously adjust the buffered stream’s internal state even when no write actually occurred, in the case where the write(2) system call returns an error.

Impact:
The accounting mismatch would accumulate if the caller does not check the stream status, and will eventually lead to a heap buffer overflow. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
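
The accounting mismatch described above, as an added example: a simplified model of a buffered stream, not FreeBSD's libc source. The struct, the function names and the choice of which field is mis-adjusted are assumptions made for illustration, and the out-of-bounds store is only counted, never performed.

```c
#include <stddef.h>

#define BUFSZ 8

/* Hypothetical, simplified buffered stream; not FreeBSD's FILE layout. */
struct stream {
    unsigned char buf[BUFSZ];
    size_t used;  /* bytes pending in buf */
    size_t room;  /* bytes the stream believes are still free */
    int err;      /* sticky error flag, the "stream status" */
};

/* Stand-in for a write(2) call that fails and transfers nothing. */
long failing_write(const void *p, size_t n) { (void)p; (void)n; return -1; }

/* Buggy: credits free space back before knowing whether the write worked. */
int flush_buggy(struct stream *s) {
    s->room = BUFSZ;  /* assumed mis-adjustment; the page names no field */
    if (failing_write(s->buf, s->used) < 0) { s->err = 1; return -1; }
    s->used = 0;
    return 0;
}

/* Fixed: accounting changes only after the data has left the buffer. */
int flush_fixed(struct stream *s) {
    if (failing_write(s->buf, s->used) < 0) { s->err = 1; return -1; }
    s->used = 0;
    s->room = BUFSZ;
    return 0;
}

/* Invariant a buffered writer relies on. */
int consistent(const struct stream *s) { return s->used + s->room == BUFSZ; }

/* Caller that never checks the flush result or s.err. Returns how many bytes
 * would have been stored past the end of buf; the store is bounds-checked
 * here so the model itself stays memory safe. */
size_t stores_past_end(int (*flush)(struct stream *), size_t nbytes) {
    struct stream s = { .used = 0, .room = BUFSZ, .err = 0 };
    size_t past_end = 0;
    for (size_t i = 0; i < nbytes; i++) {
        if (s.room == 0) (void)flush(&s);  /* return value ignored */
        if (s.room == 0) continue;         /* no space: byte is dropped */
        if (s.used < BUFSZ) s.buf[s.used] = 'A'; else past_end++;
        s.used++;
        s.room--;
    }
    return past_end;
}
```

With the buggy flush every failed write hands the caller another BUFSZ bytes of phantom space, so the mismatch grows with each call; with the fixed flush the invariant holds and the error flag is the only state that changes.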

OS       Version  Architecture  Package  Version    Filename
FreeBSD  any      noarch        freebsd  = 10.1     UNKNOWN
FreeBSD  any      noarch        freebsd  < 10.1_1   UNKNOWN
