{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-48854", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2024-10-08T17:38:16.156Z", "datePublished": "2025-01-14T18:53:25.936Z", "dateUpdated": "2025-01-14T20:15:07.523Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QNX Software Development Platform (SDP)", "vendor": "BlackBerry", "versions": [{"status": "affected", "version": "8.0, 7.1 and 7.0"}]}], "datePublic": "2025-01-14T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}], "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-193", "description": "CWE-193 Off-by-one Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-01-14T18:53:25.936Z"}, "references": [{"url": "https://support.blackberry.com/pkb/s/article/140334"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T20:14:47.798623Z", "id": "CVE-2024-48854", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T20:15:07.523Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-48854", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-14T20:14:47.798623Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T20:15:00.519Z"}}], "cna": {"title": "Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BlackBerry", "product": "QNX Software Development Platform (SDP)", "versions": [{"status": "affected", "version": "8.0, 7.1 and 7.0"}], "defaultStatus": "unaffected"}], "datePublic": "2025-01-14T18:00:00.000Z", "references": [{"url": "https://support.blackberry.com/pkb/s/article/140334"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.", "supportingMedia": [{"type": "text/html", "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-193", "description": "CWE-193 Off-by-one Error"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-01-14T18:53:25.936Z"}}}, "cveMetadata": {"cveId": "CVE-2024-48854", "state": "PUBLISHED", "dateUpdated": "2025-01-14T20:15:07.523Z", "dateReserved": "2024-10-08T17:38:16.156Z", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "datePublished": "2025-01-14T18:53:25.936Z", "assignerShortName": "blackberry"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."}], "id": "CVE-2024-48854", "lastModified": "2025-01-14T19:15:31.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secure@blackberry.com", "type": "Secondary"}]}, "published": "2025-01-14T19:15:31.267", "references": [{"source": "secure@blackberry.com", "url": "https://support.blackberry.com/pkb/s/article/140334"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "secure@blackberry.com", "type": "Secondary"}]}

{}