CVE-2024-48856: Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

9.8 CVSS

Description

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.

Classification

CVE ID: CVE-2024-48856

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: BlackBerry

Product: QNX Software Development Platform (SDP)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.74% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://support.blackberry.com/pkb/s/article/140334

Timeline

2025-01-15 00:30:28 UTC
CVE

Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform