Search criteria
63 vulnerabilities found for qnx_software_development_platform by blackberry
FKIE_CVE-2025-2474
Vulnerability from fkie_nvd - Published: 2025-06-10 18:15 - Updated: 2025-12-01 18:05
Severity ?
Summary
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140646 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 | |
| blackberry | qnx_software_development_platform | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el c\u00f3dec de imagen PCX en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio o ejecute c\u00f3digo en el contexto del proceso que utiliza el c\u00f3dec de imagen."
}
],
"id": "CVE-2025-2474",
"lastModified": "2025-12-01T18:05:04.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
},
"published": "2025-06-10T18:15:30.477",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140646"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-48858
Vulnerability from fkie_nvd - Published: 2025-01-14 20:15 - Updated: 2025-12-01 18:06
Severity ?
Summary
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140334 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 | |
| blackberry | qnx_software_development_platform | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en el c\u00f3dec de imagen PCX en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio en el contexto del proceso que utiliza el c\u00f3dec de imagen."
}
],
"id": "CVE-2024-48858",
"lastModified": "2025-12-01T18:06:16.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
},
"published": "2025-01-14T20:15:28.373",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-48854
Vulnerability from fkie_nvd - Published: 2025-01-14 19:15 - Updated: 2025-01-21 18:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140334 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 | |
| blackberry | qnx_software_development_platform | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
},
{
"lang": "es",
"value": "Un error de un d\u00edgito en el c\u00f3dec de imagen TIFF en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una divulgaci\u00f3n de informaci\u00f3n en el contexto del proceso que utiliza el c\u00f3dec de imagen."
}
],
"id": "CVE-2024-48854",
"lastModified": "2025-01-21T18:07:08.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-14T19:15:31.267",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-48855
Vulnerability from fkie_nvd - Published: 2025-01-14 19:15 - Updated: 2025-01-21 18:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140334 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 | |
| blackberry | qnx_software_development_platform | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
},
{
"lang": "es",
"value": "La lectura de fuera de los l\u00edmites en el c\u00f3dec de imagen TIFF en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una divulgaci\u00f3n de informaci\u00f3n en el contexto del proceso que utiliza el c\u00f3dec de imagen."
}
],
"id": "CVE-2024-48855",
"lastModified": "2025-01-21T18:07:12.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-14T19:15:31.413",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-48857
Vulnerability from fkie_nvd - Published: 2025-01-14 19:15 - Updated: 2025-01-21 18:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140334 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 | |
| blackberry | qnx_software_development_platform | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en el c\u00f3dec de imagen PCX en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio en el contexto del proceso que utiliza el c\u00f3dec de imagen."
}
],
"id": "CVE-2024-48857",
"lastModified": "2025-01-21T18:06:46.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-14T19:15:31.680",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-48856
Vulnerability from fkie_nvd - Published: 2025-01-14 19:15 - Updated: 2025-01-21 18:06
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140334 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 | |
| blackberry | qnx_software_development_platform | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el c\u00f3dec de imagen PCX en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio o ejecute c\u00f3digo en el contexto del proceso que utiliza el c\u00f3dec de imagen."
}
],
"id": "CVE-2024-48856",
"lastModified": "2025-01-21T18:06:49.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-14T19:15:31.543",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-35215
Vulnerability from fkie_nvd - Published: 2024-10-08 18:15 - Updated: 2025-12-01 17:56
Severity ?
Summary
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/pkb/s/article/140162 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56E0D7BA-CF67-4DB3-8A02-122922CC8E3E",
"versionEndExcluding": "8.0",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en el procesamiento de opciones de socket IP de la pila de red en la plataforma de desarrollo de software (SDP) QNX versiones 7.1 y 7.0 podr\u00eda permitir que un atacante con acceso local provoque una condici\u00f3n de denegaci\u00f3n de servicio en el contexto del proceso de la pila de red."
}
],
"id": "CVE-2024-35215",
"lastModified": "2025-12-01T17:56:42.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:05.717",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/140162"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-35213
Vulnerability from fkie_nvd - Published: 2024-06-11 19:16 - Updated: 2025-12-01 18:02
Severity ?
Summary
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C639405-301B-4511-8A69-92135BA44F86",
"versionEndExcluding": "8.0",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en el c\u00f3dec de im\u00e1genes SGI de las versiones 6.6, 7.0 y 7.1 de QNX SDP podr\u00eda permitir que un atacante cause potencialmente una condici\u00f3n de denegaci\u00f3n de servicio o ejecute c\u00f3digo en el contexto del proceso de procesamiento de im\u00e1genes."
}
],
"id": "CVE-2024-35213",
"lastModified": "2025-12-01T18:02:47.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
},
"published": "2024-06-11T19:16:07.230",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/139914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/pkb/s/article/139914"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-32701
Vulnerability from fkie_nvd - Published: 2023-11-14 19:15 - Updated: 2025-09-09 15:15
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | 6.6.0 | |
| blackberry | qnx_software_development_platform | 7.0 | |
| blackberry | qnx_software_development_platform | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1D7FB0-C40B-4DD6-B3C5-D90FBCCBAF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podr\u00eda permitir que un atacante cause potencialmente la divulgaci\u00f3n de informaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2023-32701",
"lastModified": "2025-09-09T15:15:30.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T19:15:27.163",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1288"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32025
Vulnerability from fkie_nvd - Published: 2022-03-10 17:42 - Updated: 2025-08-22 16:15
Severity ?
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics | 6.3.0 | |
| blackberry | qnx_momentics | 6.3.2 | |
| blackberry | qnx_software_development_platform | * | |
| blackberry | qnx_os_for_medical | * | |
| blackberry | qnx_os_for_medical | 2.0.0 | |
| blackberry | qnx_os_for_safety | * | |
| blackberry | qnx_os_for_safety | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC84B1C-6981-4C3D-952E-4F724EFDEF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44452791-7402-44DD-ADB1-2A36310EB365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51E6454-60B6-4913-BCF4-F23C3F1D8722",
"versionEndIncluding": "7.0",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC6F8A4-9440-4D3E-8FE8-B5F0A2BB34A2",
"versionEndExcluding": "1.1.2",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6348483-2214-4B7A-A61A-13813A3BC5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0913E9B4-F15A-4A86-B933-5D237FAA5451",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC0E7C7-275A-4214-8232-725CF8B70EE9",
"versionEndExcluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de elevaci\u00f3n de privilegios en el QNX Neutrino Kernel de las versiones afectadas de QNX Software Development Platform versi\u00f3n(es) 6.4.0 a 7.0, QNX Momentics todas las versiones 6.3.x, QNX OS for Safety versiones 1.0.0 a 1.0. 2, QNX OS for Safety versiones 2.0.0 a 2.0.1, QNX for Medical versiones 1.0.0 a 1.1.1, y QNX OS for Medical versi\u00f3n 2.0.0, podr\u00eda permitir a un atacante acceder potencialmente a los datos, modificar el comportamiento o bloquear permanentemente el sistema"
}
],
"id": "CVE-2021-32025",
"lastModified": "2025-08-22T16:15:34.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0,
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:42:14.083",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-368"
}
],
"source": "secure@blackberry.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-2474 (GCVE-0-2025-2474)
Vulnerability from cvelistv5 – Published: 2025-06-10 17:38 – Updated: 2025-06-10 18:24
VLAI?
Summary
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T18:24:06.689287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T18:24:20.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOut-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
}
],
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T17:38:03.661Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140646"
}
],
"source": {
"advisory": "QNX-2025-001",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in PCX Image Codec Impacts QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2025-2474",
"datePublished": "2025-06-10T17:38:03.661Z",
"dateReserved": "2025-03-17T19:26:19.347Z",
"dateUpdated": "2025-06-10T18:24:20.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48858 (GCVE-0-2024-48858)
Vulnerability from cvelistv5 – Published: 2025-01-14 19:09 – Updated: 2025-01-15 15:16
VLAI?
Summary
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
Severity ?
7.5 (High)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T15:15:50.564895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:16:17.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:09:59.829Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48858",
"datePublished": "2025-01-14T19:09:15.560Z",
"dateReserved": "2024-10-08T17:38:16.157Z",
"dateUpdated": "2025-01-15T15:16:17.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48857 (GCVE-0-2024-48857)
Vulnerability from cvelistv5 – Published: 2025-01-14 19:06 – Updated: 2025-01-14 19:13
VLAI?
Summary
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T19:13:16.044731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:13:28.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:06:38.040Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48857",
"datePublished": "2025-01-14T19:06:38.040Z",
"dateReserved": "2024-10-08T17:38:16.157Z",
"dateUpdated": "2025-01-14T19:13:28.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48856 (GCVE-0-2024-48856)
Vulnerability from cvelistv5 – Published: 2025-01-14 19:03 – Updated: 2025-01-15 15:16
VLAI?
Summary
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T15:16:34.736897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:16:40.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
}
],
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:03:33.883Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48856",
"datePublished": "2025-01-14T19:03:33.883Z",
"dateReserved": "2024-10-08T17:38:16.156Z",
"dateUpdated": "2025-01-15T15:16:40.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48855 (GCVE-0-2024-48855)
Vulnerability from cvelistv5 – Published: 2025-01-14 18:59 – Updated: 2025-02-12 20:31
VLAI?
Summary
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T21:13:23.283874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:19.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:59:25.736Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48855",
"datePublished": "2025-01-14T18:59:25.736Z",
"dateReserved": "2024-10-08T17:38:16.156Z",
"dateUpdated": "2025-02-12T20:31:19.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48854 (GCVE-0-2024-48854)
Vulnerability from cvelistv5 – Published: 2025-01-14 18:53 – Updated: 2025-01-14 20:15
VLAI?
Summary
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
Severity ?
5.3 (Medium)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T20:14:47.798623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:15:07.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:53:25.936Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48854",
"datePublished": "2025-01-14T18:53:25.936Z",
"dateReserved": "2024-10-08T17:38:16.156Z",
"dateUpdated": "2025-01-14T20:15:07.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35215 (GCVE-0-2024-35215)
Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2025-08-22 15:47
VLAI?
Summary
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
Severity ?
6.2 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
7.0 , ≤ 7.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:35:30.013530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:36:04.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-08T17:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNULL pointer dereference in IP socket options processing of the Networking Stack \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e QNX \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDevelopment\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Platform (\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSDP\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e version(s) 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e could allow an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewith local access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e to cause a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ed\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eenial-of-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eervice condition in the context of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eN\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eetworking \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eS\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etack\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e process\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:47:01.556Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140162"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-35215",
"datePublished": "2024-10-08T17:35:57.156Z",
"dateReserved": "2024-05-13T21:20:04.328Z",
"dateUpdated": "2025-08-22T15:47:01.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35213 (GCVE-0-2024-35213)
Vulnerability from cvelistv5 – Published: 2024-06-11 18:37 – Updated: 2025-09-09 15:04
VLAI?
Summary
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
Severity ?
9 (Critical)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
6.6.0 , ≤ 7.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnx_software_development_platform",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "6.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnx_software_development_platform",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnx_software_development_platform",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T20:11:08.511063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:11:10.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.blackberry.com/pkb/s/article/139914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SGI Image Code"
],
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-11T18:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
}
],
"value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T15:04:56.924Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/139914"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-35213",
"datePublished": "2024-06-11T18:37:04.161Z",
"dateReserved": "2024-05-13T21:20:04.327Z",
"dateUpdated": "2025-09-09T15:04:56.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32701 (GCVE-0-2023-32701)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:33 – Updated: 2025-09-09 15:06
VLAI?
Summary
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
Severity ?
7.1 (High)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
6.6.0 , ≤ 7.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:05:38.851186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:05:56.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Networking Stack"
],
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T18:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T15:06:29.621Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2023-32701",
"datePublished": "2023-11-14T18:33:59.148Z",
"dateReserved": "2023-05-11T20:52:48.323Z",
"dateUpdated": "2025-09-09T15:06:29.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32025 (GCVE-0-2021-32025)
Vulnerability from cvelistv5 – Published: 2022-03-09 20:37 – Updated: 2025-08-22 15:36
VLAI?
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
Severity ?
8.1 (High)
CWE
- Elevation of privilege
- CWE-368 - Context Switching Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) |
Affected:
QNX SDP 6.4.0 to 7.0
Affected: QNX Momentics all 6.3.x versions Affected: QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262 Affected: QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262 Affected: QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304 Affected: QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:28.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "QNX SDP 6.4.0 to 7.0"
},
{
"status": "affected",
"version": "QNX Momentics all 6.3.x versions"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.\u003c/p\u003e"
}
],
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-368",
"description": "CWE-368 Context Switching Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:36:00.384Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-32025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"version": {
"version_data": [
{
"version_value": "QNX SDP 6.4.0 to 7.0"
},
{
"version_value": "QNX Momentics all 6.3.x versions"
},
{
"version_value": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"version_value": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-32025",
"datePublished": "2022-03-09T20:37:56",
"dateReserved": "2021-05-03T00:00:00",
"dateUpdated": "2025-08-22T15:36:00.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2474 (GCVE-0-2025-2474)
Vulnerability from nvd – Published: 2025-06-10 17:38 – Updated: 2025-06-10 18:24
VLAI?
Summary
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T18:24:06.689287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T18:24:20.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOut-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
}
],
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T17:38:03.661Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140646"
}
],
"source": {
"advisory": "QNX-2025-001",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in PCX Image Codec Impacts QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2025-2474",
"datePublished": "2025-06-10T17:38:03.661Z",
"dateReserved": "2025-03-17T19:26:19.347Z",
"dateUpdated": "2025-06-10T18:24:20.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48858 (GCVE-0-2024-48858)
Vulnerability from nvd – Published: 2025-01-14 19:09 – Updated: 2025-01-15 15:16
VLAI?
Summary
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
Severity ?
7.5 (High)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T15:15:50.564895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:16:17.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:09:59.829Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48858",
"datePublished": "2025-01-14T19:09:15.560Z",
"dateReserved": "2024-10-08T17:38:16.157Z",
"dateUpdated": "2025-01-15T15:16:17.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48857 (GCVE-0-2024-48857)
Vulnerability from nvd – Published: 2025-01-14 19:06 – Updated: 2025-01-14 19:13
VLAI?
Summary
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T19:13:16.044731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:13:28.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:06:38.040Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48857",
"datePublished": "2025-01-14T19:06:38.040Z",
"dateReserved": "2024-10-08T17:38:16.157Z",
"dateUpdated": "2025-01-14T19:13:28.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48856 (GCVE-0-2024-48856)
Vulnerability from nvd – Published: 2025-01-14 19:03 – Updated: 2025-01-15 15:16
VLAI?
Summary
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T15:16:34.736897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:16:40.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
}
],
"value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:03:33.883Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48856",
"datePublished": "2025-01-14T19:03:33.883Z",
"dateReserved": "2024-10-08T17:38:16.156Z",
"dateUpdated": "2025-01-15T15:16:40.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48855 (GCVE-0-2024-48855)
Vulnerability from nvd – Published: 2025-01-14 18:59 – Updated: 2025-02-12 20:31
VLAI?
Summary
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T21:13:23.283874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:19.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:59:25.736Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48855",
"datePublished": "2025-01-14T18:59:25.736Z",
"dateReserved": "2024-10-08T17:38:16.156Z",
"dateUpdated": "2025-02-12T20:31:19.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48854 (GCVE-0-2024-48854)
Vulnerability from nvd – Published: 2025-01-14 18:53 – Updated: 2025-01-14 20:15
VLAI?
Summary
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
Severity ?
5.3 (Medium)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
8.0, 7.1 and 7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T20:14:47.798623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:15:07.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "8.0, 7.1 and 7.0"
}
]
}
],
"datePublic": "2025-01-14T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:53:25.936Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-48854",
"datePublished": "2025-01-14T18:53:25.936Z",
"dateReserved": "2024-10-08T17:38:16.156Z",
"dateUpdated": "2025-01-14T20:15:07.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35215 (GCVE-0-2024-35215)
Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2025-08-22 15:47
VLAI?
Summary
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
Severity ?
6.2 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
7.0 , ≤ 7.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:35:30.013530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:36:04.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-08T17:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNULL pointer dereference in IP socket options processing of the Networking Stack \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e QNX \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDevelopment\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Platform (\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSDP\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e version(s) 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e could allow an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewith local access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e to cause a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ed\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eenial-of-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eervice condition in the context of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eN\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eetworking \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eS\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etack\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e process\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:47:01.556Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140162"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-35215",
"datePublished": "2024-10-08T17:35:57.156Z",
"dateReserved": "2024-05-13T21:20:04.328Z",
"dateUpdated": "2025-08-22T15:47:01.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35213 (GCVE-0-2024-35213)
Vulnerability from nvd – Published: 2024-06-11 18:37 – Updated: 2025-09-09 15:04
VLAI?
Summary
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
Severity ?
9 (Critical)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
6.6.0 , ≤ 7.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnx_software_development_platform",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "6.6.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnx_software_development_platform",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qnx_software_development_platform",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T20:11:08.511063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:11:10.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.blackberry.com/pkb/s/article/139914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SGI Image Code"
],
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-11T18:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
}
],
"value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T15:04:56.924Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/139914"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-35213",
"datePublished": "2024-06-11T18:37:04.161Z",
"dateReserved": "2024-05-13T21:20:04.327Z",
"dateUpdated": "2025-09-09T15:04:56.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32701 (GCVE-0-2023-32701)
Vulnerability from nvd – Published: 2023-11-14 18:33 – Updated: 2025-09-09 15:06
VLAI?
Summary
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
Severity ?
7.1 (High)
CWE
- CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP) |
Affected:
6.6.0 , ≤ 7.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:05:38.851186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:05:56.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Networking Stack"
],
"product": "QNX Software Development Platform (SDP)",
"vendor": "BlackBerry",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "6.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T18:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288 Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T15:06:29.621Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2023-32701",
"datePublished": "2023-11-14T18:33:59.148Z",
"dateReserved": "2023-05-11T20:52:48.323Z",
"dateUpdated": "2025-09-09T15:06:29.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32025 (GCVE-0-2021-32025)
Vulnerability from nvd – Published: 2022-03-09 20:37 – Updated: 2025-08-22 15:36
VLAI?
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
Severity ?
8.1 (High)
CWE
- Elevation of privilege
- CWE-368 - Context Switching Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) |
Affected:
QNX SDP 6.4.0 to 7.0
Affected: QNX Momentics all 6.3.x versions Affected: QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262 Affected: QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262 Affected: QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304 Affected: QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:28.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "QNX SDP 6.4.0 to 7.0"
},
{
"status": "affected",
"version": "QNX Momentics all 6.3.x versions"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.\u003c/p\u003e"
}
],
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-368",
"description": "CWE-368 Context Switching Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:36:00.384Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-32025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"version": {
"version_data": [
{
"version_value": "QNX SDP 6.4.0 to 7.0"
},
{
"version_value": "QNX Momentics all 6.3.x versions"
},
{
"version_value": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"version_value": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-32025",
"datePublished": "2022-03-09T20:37:56",
"dateReserved": "2021-05-03T00:00:00",
"dateUpdated": "2025-08-22T15:36:00.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}