Denial of Service or Code Execution Vulnerability
CVE-2024-35213

9CRITICAL

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-35213?

An improper input validation vulnerability exists within the SGI Image Codec of QNX Software Development Platform (SDP) versions 6.6, 7.0, and 7.1. This vulnerability may allow an attacker to exploit the image processing functionality, potentially leading to a denial-of-service condition or unauthorized code execution. Proper validation mechanisms must be implemented to safeguard against attacks targeting this vulnerability.

Affected Version(s)

QNX Software Development Platform 6.6, 7.0, and 7.1

References

https://support.blackberry.com/pkb/s/article/139914

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024

Blackberry

What is CVE-2024-35213?

Affected Version(s)

References

CVSS V3.1

Timeline