CVE-2024-48854 MEDIUM

CVE-2024-48854: Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Vendor Blackberry
Product QNX Software Development Platform (SDP)
Weakness CWE-193
Published January 14, 2025
Last update January 14, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

Key dates

02Disclosure timeline

January 14, 2025 CVE published
January 14, 2025 Record updated