Out-of-Bounds Write Vulnerability in QNX SDP by BlackBerry
CVE-2024-48856

9.8CRITICAL

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (sdp)
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-48856?

The out-of-bounds write vulnerability in the PCX image codec of QNX SDP affects versions 8.0, 7.1, and 7.0. This flaw allows unauthenticated attackers to exploit the vulnerability, potentially leading to a denial-of-service condition or unauthorized code execution within the context of the process utilizing the image codec. Such vulnerabilities can severely compromise the stability and security of systems relying on this software.

Affected Version(s)

QNX Software Development Platform (SDP) 8.0, 7.1 and 7.0

References

https://support.blackberry.com/pkb/s/article/140334

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025

Blackberry

What is CVE-2024-48856?

Affected Version(s)

References

CVSS V3.1

Timeline