What is CVE-2024-48854?

CVE-2024-48854 is a medium-severity vulnerability in Blackberry Qnx Software Development Platform (Sdp), classified under Off-by-one Error. CVSS score: 5.3/10. Published 2025-01-14.

How severe is CVE-2024-48854?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Blackberry Qnx Software Development Platform (Sdp)

CVE-2024-48854

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

EPSS: 0.005 (64.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Blackberry Qnx Software Development Platform (Sdp) — versions 8.0, 7.1 and 7.0

Weakness classification (CWE)

CWE-193 — Off-by-one Error

References

support.blackberry.com/pkb/s/article/140334

Frequently asked questions

What is CVE-2024-48854?: CVE-2024-48854 is a medium-severity vulnerability in Blackberry Qnx Software Development Platform (Sdp), classified under Off-by-one Error. CVSS score: 5.3/10. Published 2025-01-14.
How severe is CVE-2024-48854?: Medium severity. CVSS v3 base score is 5.3 out of 10.