{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-48855","assignerOrgId":"dbe78b00-5e7b-4fda-8748-329789ecfc5c","state":"PUBLISHED","assignerShortName":"blackberry","dateReserved":"2024-10-08T17:38:16.156Z","datePublished":"2025-01-14T18:59:25.736Z","dateUpdated":"2025-02-12T20:31:19.335Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QNX Software Development Platform (SDP)","vendor":"BlackBerry","versions":[{"status":"affected","version":"8.0, 7.1 and 7.0"}]}],"datePublic":"2025-01-14T18:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}],"value":"Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125 Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dbe78b00-5e7b-4fda-8748-329789ecfc5c","shortName":"blackberry","dateUpdated":"2025-01-14T18:59:25.736Z"},"references":[{"url":"https://support.blackberry.com/pkb/s/article/140334"}],"source":{"discovery":"UNKNOWN"},"title":"Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-48855","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-01-14T21:13:23.283874Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T20:31:19.335Z"}}]}}