nvd-json-data-feeds/CVE-2024/CVE-2024-488xx/CVE-2024-48855.json

{
  "id": "CVE-2024-48855",
  "sourceIdentifier": "secure@blackberry.com",
  "published": "2025-01-14T19:15:31.413",
  "lastModified": "2025-01-21T18:07:12.777",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec."
    },
    {
      "lang": "es",
      "value": "La lectura de fuera de los l\u00edmites en el c\u00f3dec de imagen TIFF en las versiones 8.0, 7.1 y 7.0 de QNX SDP podr\u00eda permitir que un atacante no autenticado provoque una divulgaci\u00f3n de informaci\u00f3n en el contexto del proceso que utiliza el c\u00f3dec de imagen."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "secure@blackberry.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secure@blackberry.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD7E9BB-7B9E-4022-BE18-EA9642F54064"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.blackberry.com/pkb/s/article/140334",
      "source": "secure@blackberry.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}