CVE-2024-35213
CRITICALQNX Software Development Platform 6.6-7.1 - Denial of Service or Remote Code Execution in SGI Image Codec
Title source: llmDescription
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
References (1)
Core 1
Core References
Vendor Advisory
https://support.blackberry.com/pkb/s/article/139914
Scores
CVSS v3
9.0
EPSS
0.0052
EPSS Percentile
39.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1287
Status
published
Products (1)
blackberry/qnx_software_development_platform
6.6.0 - 8.0
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026