{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-48854","assignerOrgId":"dbe78b00-5e7b-4fda-8748-329789ecfc5c","state":"PUBLISHED","assignerShortName":"blackberry","dateReserved":"2024-10-08T17:38:16.156Z","datePublished":"2025-01-14T18:53:25.936Z","dateUpdated":"2025-01-14T20:15:07.523Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QNX Software Development Platform (SDP)","vendor":"BlackBerry","versions":[{"status":"affected","version":"8.0, 7.1 and 7.0"}]}],"datePublic":"2025-01-14T18:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}],"value":"Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-193","description":"CWE-193 Off-by-one Error","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dbe78b00-5e7b-4fda-8748-329789ecfc5c","shortName":"blackberry","dateUpdated":"2025-01-14T18:53:25.936Z"},"references":[{"url":"https://support.blackberry.com/pkb/s/article/140334"}],"source":{"discovery":"UNKNOWN"},"title":"Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-14T20:14:47.798623Z","id":"CVE-2024-48854","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-14T20:15:07.523Z"}}]}}