Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
A CWE-787 class error (out-of-bounds write) occurs in the codec handling PCX image format in QNX SDP. Processing a specially crafted PCX file causes data to be written outside the designated buffer in memory. The exploit can be triggered by any process that uses the vulnerable codec to process images, without requiring any privileges or login.
An attacker can cause a denial of service (DoS) in a process using the PCX codec or execute arbitrary code in the context of that process. In industrial and embedded environments where QNX SDP is commonly used, the impact may include taking control of critical system components.
Apply patches available from the manufacturer according to the references: https://support.blackberry.com/pkb/s/article/140334
BlackBerry QNX Software Development Platform (QNX SDP) in versions 8.0, 7.1, and 7.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBlackberry Qnx Software Development Platform
APPBlackberry7.07.18.0
Related vulnerabilities
Out-of-bounds write w kodeku PCX w BlackBerry QNX SDP — RCE i DoS
Podatność improper input validation w SGI Image Codec QNX SDP
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could...
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of Bl...
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry ...