CVE-2024-48854

MEDIUM

BlackBerry QNX Software Development Platform - Information Disclosure

Title source: rule

Description

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

Scores

CVSS v3 5.3
EPSS 0.0046
EPSS Percentile 64.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-193
Status published
Products (3)
blackberry/qnx_software_development_platform 7.0
blackberry/qnx_software_development_platform 7.1
blackberry/qnx_software_development_platform 8.0
Published Jan 14, 2025
Tracked Since Feb 18, 2026