CRITICAL🇵🇱 Wersja polska

CVE-2024-48856

CVSS 9.8v3.1pub. 2025-01-14upd. 2025-01-21

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.

🤖 AI Analysis
How it works

A CWE-787 class error (out-of-bounds write) occurs in the codec handling PCX image format in QNX SDP. Processing a specially crafted PCX file causes data to be written outside the designated buffer in memory. The exploit can be triggered by any process that uses the vulnerable codec to process images, without requiring any privileges or login.

Impact

An attacker can cause a denial of service (DoS) in a process using the PCX codec or execute arbitrary code in the context of that process. In industrial and embedded environments where QNX SDP is commonly used, the impact may include taking control of critical system components.

Mitigation & patch

Apply patches available from the manufacturer according to the references: https://support.blackberry.com/pkb/s/article/140334

Who is affected

BlackBerry QNX Software Development Platform (QNX SDP) in versions 8.0, 7.1, and 7.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Blackberry Qnx Software Development Platform

    APP
    Blackberry
    7.07.18.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassMemory
CWE
References

Related vulnerabilities

CVE-2025-2474CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w kodeku PCX w BlackBerry QNX SDP — RCE i DoS

CVE-2024-35213CRITICAL9.0PL ✓ten sam produkt

Podatność improper input validation w SGI Image Codec QNX SDP

CVE-2021-32024CRITICAL9.8ten sam produkt

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could...

CVE-2021-22156CRITICAL9.0ten sam produkt

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of Bl...

CVE-2020-6932CRITICAL10.0ten sam produkt

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry ...