CVE-2024-48855 MEDIUM

CVE-2024-48855: Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Vendor Blackberry
Product QNX Software Development Platform (SDP)
Weakness CWE-125
Published January 14, 2025
Last update February 12, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

Key dates

02Disclosure timeline

January 14, 2025 CVE published
February 12, 2025 Record updated