Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for QNX Software Development Platform (SDP) by BlackBerry

    CVE-2025-2474 (GCVE-0-2025-2474)

    Vulnerability from nvd – Published: 2025-06-10 17:38 – Updated: 2025-06-10 18:24
    VLAI
    Title
    Vulnerability in PCX Image Codec Impacts QNX Software Development Platform
    Summary
    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T18:24:06.689287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T18:24:20.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOut-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
                }
              ],
              "value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T17:38:03.661Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140646"
            }
          ],
          "source": {
            "advisory": "QNX-2025-001",
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in PCX Image Codec Impacts QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2025-2474",
        "datePublished": "2025-06-10T17:38:03.661Z",
        "dateReserved": "2025-03-17T19:26:19.347Z",
        "dateUpdated": "2025-06-10T18:24:20.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48858 (GCVE-0-2024-48858)

    Vulnerability from nvd – Published: 2025-01-14 19:09 – Updated: 2025-01-15 15:16
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:07
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T15:15:50.564895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T15:16:17.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:07:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
                }
              ],
              "value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T19:09:59.829Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48858",
        "datePublished": "2025-01-14T19:09:15.560Z",
        "dateReserved": "2024-10-08T17:38:16.157Z",
        "dateUpdated": "2025-01-15T15:16:17.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48857 (GCVE-0-2024-48857)

    Vulnerability from nvd – Published: 2025-01-14 19:06 – Updated: 2025-01-14 19:13
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T19:13:16.044731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T19:13:28.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
                }
              ],
              "value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T19:06:38.040Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48857",
        "datePublished": "2025-01-14T19:06:38.040Z",
        "dateReserved": "2024-10-08T17:38:16.157Z",
        "dateUpdated": "2025-01-14T19:13:28.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48856 (GCVE-0-2024-48856)

    Vulnerability from nvd – Published: 2025-01-14 19:03 – Updated: 2025-01-15 15:16
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T15:16:34.736897Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T15:16:40.007Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
                }
              ],
              "value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T19:03:33.883Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48856",
        "datePublished": "2025-01-14T19:03:33.883Z",
        "dateReserved": "2024-10-08T17:38:16.156Z",
        "dateUpdated": "2025-01-15T15:16:40.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48855 (GCVE-0-2024-48855)

    Vulnerability from nvd – Published: 2025-01-14 18:59 – Updated: 2025-02-12 20:31
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48855",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T21:13:23.283874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:31:19.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
                }
              ],
              "value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T18:59:25.736Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48855",
        "datePublished": "2025-01-14T18:59:25.736Z",
        "dateReserved": "2024-10-08T17:38:16.156Z",
        "dateUpdated": "2025-02-12T20:31:19.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48854 (GCVE-0-2024-48854)

    Vulnerability from nvd – Published: 2025-01-14 18:53 – Updated: 2025-01-14 20:15
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T20:14:47.798623Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T20:15:07.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
                }
              ],
              "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "CWE-193 Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T18:53:25.936Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48854",
        "datePublished": "2025-01-14T18:53:25.936Z",
        "dateReserved": "2024-10-08T17:38:16.156Z",
        "dateUpdated": "2025-01-14T20:15:07.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35215 (GCVE-0-2024-35215)

    Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2025-08-22 15:47
    VLAI
    Summary
    NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Date Public
    2024-10-08 17:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35215",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:35:30.013530Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:36:04.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T17:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNULL pointer dereference in IP socket options processing of the Networking Stack \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e QNX \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDevelopment\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Platform (\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSDP\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e version(s) 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e could allow an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewith local access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e to cause a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ed\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eenial-of-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eervice condition in the context of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eN\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eetworking \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eS\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etack\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e process\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:47:01.556Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140162"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-35215",
        "datePublished": "2024-10-08T17:35:57.156Z",
        "dateReserved": "2024-05-13T21:20:04.328Z",
        "dateUpdated": "2025-08-22T15:47:01.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35213 (GCVE-0-2024-35213)

    Vulnerability from nvd – Published: 2024-06-11 18:37 – Updated: 2025-09-09 15:04
    VLAI
    Title
    Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)
    Summary
    An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0 , ≤ 7.1 (custom)
    Create a notification for this product.
    blackberry qnx_software_development_platform Affected: 6.6.0
        cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    blackberry qnx_software_development_platform Affected: 7.0
        cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*
    Create a notification for this product.
    blackberry qnx_software_development_platform Affected: 7.1
        cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 18:36
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qnx_software_development_platform",
                "vendor": "blackberry",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.6.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qnx_software_development_platform",
                "vendor": "blackberry",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qnx_software_development_platform",
                "vendor": "blackberry",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-27T20:11:08.511063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-27T20:11:10.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:07:46.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.blackberry.com/pkb/s/article/139914"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "SGI Image Code"
              ],
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-11T18:36:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
                }
              ],
              "value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T15:04:56.924Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/139914"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-35213",
        "datePublished": "2024-06-11T18:37:04.161Z",
        "dateReserved": "2024-05-13T21:20:04.327Z",
        "dateUpdated": "2025-09-09T15:04:56.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32701 (GCVE-0-2023-32701)

    Vulnerability from nvd – Published: 2023-11-14 18:33 – Updated: 2025-09-09 15:06
    VLAI
    Title
    Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)
    Summary
    Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0 , ≤ 7.1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-14 18:01
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:36.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-30T18:05:38.851186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-30T18:05:56.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Networking Stack"
              ],
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T18:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "CWE-1288 Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T15:06:29.621Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2023-32701",
        "datePublished": "2023-11-14T18:33:59.148Z",
        "dateReserved": "2023-05-11T20:52:48.323Z",
        "dateUpdated": "2025-09-09T15:06:29.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32024 (GCVE-0-2021-32024)

    Vulnerability from nvd – Published: 2021-12-13 18:06 – Updated: 2025-09-09 15:07
    VLAI
    Summary
    A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.4.0 , ≤ 6.6.0 (custom)
    Affected: 7.0 , ≤ 7.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:27.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.0",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.\u003c/p\u003e"
                }
              ],
              "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "6.4.0 through 6.6.0"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "7.0 through 7.1"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T15:07:31.697Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2021-32024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry QNX Software Development Platform (SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "QNX SDP 6.4 to 7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042",
                  "refsource": "MISC",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2021-32024",
        "datePublished": "2021-12-13T18:06:24.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2025-09-09T15:07:31.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6932 (GCVE-0-2020-6932)

    Vulnerability from nvd – Published: 2020-08-12 12:21 – Updated: 2025-08-22 15:16
    VLAI
    Summary
    An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
    CWE
    • CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.4.0 , ≤ 6.6.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:01.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.0",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-64",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:16:18.943Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2020-6932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411",
                  "refsource": "MISC",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2020-6932",
        "datePublished": "2020-08-12T12:21:32.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2025-08-22T15:16:18.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9369 (GCVE-0-2017-9369)

    Vulnerability from nvd – Published: 2017-11-14 21:00 – Updated: 2025-08-26 17:30
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0
    Affected: 6.5.0 SP1 and earlier
    Create a notification for this product.
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.5.0 SP1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-13",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-13 Subverting Environment Variable Values"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T17:30:03.762Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-9369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              },
                              {
                                "version_value": "6.5.0 SP1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure across privilege barriers."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-9369",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2017-06-02T00:00:00.000Z",
        "dateUpdated": "2025-08-26T17:30:03.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3892 (GCVE-0-2017-3892)

    Vulnerability from nvd – Published: 2017-11-14 21:00 – Updated: 2025-08-26 17:27
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.
    CWE
    • Information disclosure
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T17:27:35.177Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-3892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3892",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2025-08-26T17:27:35.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2474 (GCVE-0-2025-2474)

    Vulnerability from cvelistv5 – Published: 2025-06-10 17:38 – Updated: 2025-06-10 18:24
    VLAI
    Title
    Vulnerability in PCX Image Codec Impacts QNX Software Development Platform
    Summary
    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T18:24:06.689287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T18:24:20.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOut-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
                }
              ],
              "value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T17:38:03.661Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140646"
            }
          ],
          "source": {
            "advisory": "QNX-2025-001",
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in PCX Image Codec Impacts QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2025-2474",
        "datePublished": "2025-06-10T17:38:03.661Z",
        "dateReserved": "2025-03-17T19:26:19.347Z",
        "dateUpdated": "2025-06-10T18:24:20.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48858 (GCVE-0-2024-48858)

    Vulnerability from cvelistv5 – Published: 2025-01-14 19:09 – Updated: 2025-01-15 15:16
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:07
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T15:15:50.564895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T15:16:17.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:07:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
                }
              ],
              "value": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T19:09:59.829Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48858",
        "datePublished": "2025-01-14T19:09:15.560Z",
        "dateReserved": "2024-10-08T17:38:16.157Z",
        "dateUpdated": "2025-01-15T15:16:17.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48857 (GCVE-0-2024-48857)

    Vulnerability from cvelistv5 – Published: 2025-01-14 19:06 – Updated: 2025-01-14 19:13
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T19:13:16.044731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T19:13:28.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
                }
              ],
              "value": "NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T19:06:38.040Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48857",
        "datePublished": "2025-01-14T19:06:38.040Z",
        "dateReserved": "2024-10-08T17:38:16.157Z",
        "dateUpdated": "2025-01-14T19:13:28.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48856 (GCVE-0-2024-48856)

    Vulnerability from cvelistv5 – Published: 2025-01-14 19:03 – Updated: 2025-01-15 15:16
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T15:16:34.736897Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T15:16:40.007Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
                }
              ],
              "value": "Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T19:03:33.883Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48856",
        "datePublished": "2025-01-14T19:03:33.883Z",
        "dateReserved": "2024-10-08T17:38:16.156Z",
        "dateUpdated": "2025-01-15T15:16:40.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48855 (GCVE-0-2024-48855)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:59 – Updated: 2025-02-12 20:31
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48855",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T21:13:23.283874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:31:19.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
                }
              ],
              "value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T18:59:25.736Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48855",
        "datePublished": "2025-01-14T18:59:25.736Z",
        "dateReserved": "2024-10-08T17:38:16.156Z",
        "dateUpdated": "2025-02-12T20:31:19.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48854 (GCVE-0-2024-48854)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:53 – Updated: 2025-01-14 20:15
    VLAI
    Title
    Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
    Summary
    Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2025-01-14 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T20:14:47.798623Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T20:15:07.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0, 7.1 and 7.0"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
                }
              ],
              "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "CWE-193 Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T18:53:25.936Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140334"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-48854",
        "datePublished": "2025-01-14T18:53:25.936Z",
        "dateReserved": "2024-10-08T17:38:16.156Z",
        "dateUpdated": "2025-01-14T20:15:07.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35215 (GCVE-0-2024-35215)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2025-08-22 15:47
    VLAI
    Summary
    NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Date Public
    2024-10-08 17:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35215",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:35:30.013530Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:36:04.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T17:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNULL pointer dereference in IP socket options processing of the Networking Stack \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e QNX \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDevelopment\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Platform (\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSDP\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e version(s) 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and 7.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e could allow an attacker \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewith local access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e to cause a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ed\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eenial-of-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eervice condition in the context of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eN\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eetworking \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eS\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etack\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e process\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:47:01.556Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/140162"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-35215",
        "datePublished": "2024-10-08T17:35:57.156Z",
        "dateReserved": "2024-05-13T21:20:04.328Z",
        "dateUpdated": "2025-08-22T15:47:01.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35213 (GCVE-0-2024-35213)

    Vulnerability from cvelistv5 – Published: 2024-06-11 18:37 – Updated: 2025-09-09 15:04
    VLAI
    Title
    Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)
    Summary
    An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0 , ≤ 7.1 (custom)
    Create a notification for this product.
    blackberry qnx_software_development_platform Affected: 6.6.0
        cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    blackberry qnx_software_development_platform Affected: 7.0
        cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*
    Create a notification for this product.
    blackberry qnx_software_development_platform Affected: 7.1
        cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 18:36
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qnx_software_development_platform",
                "vendor": "blackberry",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.6.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qnx_software_development_platform",
                "vendor": "blackberry",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qnx_software_development_platform",
                "vendor": "blackberry",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-27T20:11:08.511063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-27T20:11:10.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:07:46.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.blackberry.com/pkb/s/article/139914"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "SGI Image Code"
              ],
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-11T18:36:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
                }
              ],
              "value": "An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T15:04:56.924Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/pkb/s/article/139914"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2024-35213",
        "datePublished": "2024-06-11T18:37:04.161Z",
        "dateReserved": "2024-05-13T21:20:04.327Z",
        "dateUpdated": "2025-09-09T15:04:56.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32701 (GCVE-0-2023-32701)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:33 – Updated: 2025-09-09 15:06
    VLAI
    Title
    Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)
    Summary
    Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0 , ≤ 7.1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-14 18:01
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:36.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-30T18:05:38.851186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-30T18:05:56.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Networking Stack"
              ],
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T18:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "CWE-1288 Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T15:06:29.621Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2023-32701",
        "datePublished": "2023-11-14T18:33:59.148Z",
        "dateReserved": "2023-05-11T20:52:48.323Z",
        "dateUpdated": "2025-09-09T15:06:29.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32024 (GCVE-0-2021-32024)

    Vulnerability from cvelistv5 – Published: 2021-12-13 18:06 – Updated: 2025-09-09 15:07
    VLAI
    Summary
    A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.4.0 , ≤ 6.6.0 (custom)
    Affected: 7.0 , ≤ 7.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:27.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.0",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.\u003c/p\u003e"
                }
              ],
              "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "6.4.0 through 6.6.0"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "7.0 through 7.1"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287: Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T15:07:31.697Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2021-32024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry QNX Software Development Platform (SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "QNX SDP 6.4 to 7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042",
                  "refsource": "MISC",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2021-32024",
        "datePublished": "2021-12-13T18:06:24.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2025-09-09T15:07:31.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6932 (GCVE-0-2020-6932)

    Vulnerability from cvelistv5 – Published: 2020-08-12 12:21 – Updated: 2025-08-22 15:16
    VLAI
    Summary
    An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
    CWE
    • CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.4.0 , ≤ 6.6.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:01.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.0",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-64",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:16:18.943Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2020-6932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411",
                  "refsource": "MISC",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2020-6932",
        "datePublished": "2020-08-12T12:21:32.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2025-08-22T15:16:18.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3892 (GCVE-0-2017-3892)

    Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2025-08-26 17:27
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.
    CWE
    • Information disclosure
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T17:27:35.177Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-3892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3892",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2025-08-26T17:27:35.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9369 (GCVE-0-2017-9369)

    Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2025-08-26 17:30
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (SDP) Affected: 6.6.0
    Affected: 6.5.0 SP1 and earlier
    Create a notification for this product.
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.5.0 SP1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-13",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-13 Subverting Environment Variable Values"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T17:30:03.762Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-9369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              },
                              {
                                "version_value": "6.5.0 SP1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure across privilege barriers."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-9369",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2017-06-02T00:00:00.000Z",
        "dateUpdated": "2025-08-26T17:30:03.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }