Cyber Posture

CVE-2024-48856

Critical

Published: 14 January 2025

Modified: 21 January 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0104 (77.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.

Security Summary

CVE-2024-48856 is an out-of-bounds write vulnerability (CWE-787) in the PCX image codec within QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. Published on 2025-01-14, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its critical severity due to high impacts on confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability remotely with low attack complexity and no privileges or user interaction required. Exploitation could result in a denial-of-service condition or arbitrary code execution within the context of the process utilizing the image codec.

Further details on this issue are in the BlackBerry support advisory at https://support.blackberry.com/pkb/s/article/140334.

Details

CWE(s): CWE-787

Affected Products

Vendor: blackberry
Product: qnx software development platform
Versions: 7.0, 7.1, 8.0
