CVE-2024-48854

Published Jan 14, 2025

Last updated a month ago

CVSS medium 5.3

Overview

Description: Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
Source: secure@blackberry.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

secure@blackberry.com: CWE-193
nvd@nist.gov: CWE-193

Hype score: Not currently trending

Critical Flaws in QNX Software Development Platform Image Codecs Expose Systems to Attacks These flaws are tracked under CVE-2024-48854, CVE-2024-48855, CVE-2024-48856, CVE-2024-48857, and CVE-2024-48858, with CVSS scores reaching as high as 9.8 https://t.co/S7JqgCn8Iz
@the_yellow_fall
20 Jan 2025
413 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49"
          },
          {
            "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA"
          },
          {
            "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References