Cyber Posture

CVE-2024-48858

High

Published: 14 January 2025

Modified: 01 December 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0034 (56.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.

Security Summary

CVE-2024-48858 is an improper input validation vulnerability (CWE-1287) in the PCX image codec of QNX SDP versions 8.0, 7.1, and 7.0. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact availability disruption without affecting confidentiality or integrity.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no privileges or user interaction required. Exploitation triggers a denial-of-service condition within the context of the process using the PCX image codec, potentially crashing the affected application.

BlackBerry has published an advisory with mitigation guidance at https://support.blackberry.com/pkb/s/article/140334.

Details

CWE(s)
CWE-1287

Affected Products

blackberry
qnx software development platform
7.0, 7.1, 8.0

References