CVE-2021-32024

CRITICAL

Blackberry Qnx Software Development Platform - Remote Code Execution

Title source: rule

Description

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

References (1)

[Patch, Vendor Advisory] http://support.blackberry.com/kb/articleDetail?articleNumber=000089042

Scores

CVSS v3 9.8

EPSS 0.0265

EPSS Percentile 85.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1287

Status published

Products (1)

blackberry/qnx_software_development_platform 6.4.0 - 7.1

Published Dec 13, 2021

Tracked Since Feb 18, 2026