cve-2024-48854
Vulnerability from cvelistv5
Published
2025-01-14 18:53
Modified
2025-01-14 20:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
References
secure@blackberry.comhttps://support.blackberry.com/pkb/s/article/140334Vendor Advisory
Impacted products
Vendor Product Version
BlackBerry QNX Software Development Platform (SDP) Version: 8.0, 7.1 and 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48854",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T20:14:47.798623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:15:07.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QNX Software Development Platform (SDP)",
          "vendor": "BlackBerry",
          "versions": [
            {
              "status": "affected",
              "version": "8.0, 7.1 and 7.0"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
            }
          ],
          "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-193",
              "description": "CWE-193 Off-by-one Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T18:53:25.936Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "url": "https://support.blackberry.com/pkb/s/article/140334"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2024-48854",
    "datePublished": "2025-01-14T18:53:25.936Z",
    "dateReserved": "2024-10-08T17:38:16.156Z",
    "dateUpdated": "2025-01-14T20:15:07.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-48854\",\"sourceIdentifier\":\"secure@blackberry.com\",\"published\":\"2025-01-14T19:15:31.267\",\"lastModified\":\"2025-01-21T18:07:08.960\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.\"},{\"lang\":\"es\",\"value\":\"Un error de un d\u00edgito en el c\u00f3dec de imagen TIFF en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una divulgaci\u00f3n de informaci\u00f3n en el contexto del proceso que utiliza el c\u00f3dec de imagen.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@blackberry.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@blackberry.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"058D8A14-E99C-4AA9-BE27-794B8D8B9E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CD7E9BB-7B9E-4022-BE18-EA9642F54064\"}]}]}],\"references\":[{\"url\":\"https://support.blackberry.com/pkb/s/article/140334\",\"source\":\"secure@blackberry.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-48854\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-14T20:14:47.798623Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T20:15:00.519Z\"}}], \"cna\": {\"title\": \"Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-153\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-153 Input Data Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"BlackBerry\", \"product\": \"QNX Software Development Platform (SDP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0, 7.1 and 7.0\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-01-14T18:00:00.000Z\", \"references\": [{\"url\": \"https://support.blackberry.com/pkb/s/article/140334\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-193\", \"description\": \"CWE-193 Off-by-one Error\"}]}], \"providerMetadata\": {\"orgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"shortName\": \"blackberry\", \"dateUpdated\": \"2025-01-14T18:53:25.936Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-48854\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-14T20:15:07.523Z\", \"dateReserved\": \"2024-10-08T17:38:16.156Z\", \"assignerOrgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"datePublished\": \"2025-01-14T18:53:25.936Z\", \"assignerShortName\": \"blackberry\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.