Cyber Posture

CVE-2024-48855

Severity: Medium

Published: 14 January 2025
Modified: 21 January 2025
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0046 (64.4th percentile)
Risk Priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

Security Summary

CVE-2024-48855 is an out-of-bounds read vulnerability (CWE-125) in the TIFF image codec within QNX SDP versions 8.0, 7.1, and 7.0. Published on January 14, 2025, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity primarily due to low-impact confidentiality loss.

An unauthenticated attacker can reach the flaw over the network (AV:N) with low attack complexity, no user interaction and no privileges. A successful trigger makes the codec read beyond the bounds of its buffer, potentially disclosing sensitive data from the memory of the process that invoked the TIFF image codec.

The BlackBerry advisory at https://support.blackberry.com/pkb/s/article/140334 provides details on mitigation and patches for affected QNX SDP versions.

Details

CWE(s): CWE-125 (Out-of-bounds Read)

Affected Products: BlackBerry QNX Software Development Platform (SDP) versions 7.0, 7.1 and 8.0

References

BlackBerry advisory: https://support.blackberry.com/pkb/s/article/140334