Primary

Context

QNX SDP TIFF Image Codec Off-by-One Error Vulnerability Allowing Information Disclosure

Vulnerability

Patched

An off-by-one error vulnerability has been identified in the TIFF image codec of QNX Software Development Platform (SDP) versions 8.0, 7.1, and 7.0. This vulnerability could allow an unauthenticated attacker to cause information disclosure within the context of the process using the image codec. The issue arises when the system is induced to parse a maliciously crafted TIFF image file.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure in the context of the process using the image codec.

Remediation

QNX has released updates for the affected versions that address this vulnerability. These updates are available through the QNX Software Center. QNX recommends that all affected customers update their QNX-based products at their earliest convenience.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.7

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.7

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNX SDP TIFF Image Codec Off-by-One Error Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

BlackBerry QNX Software Development Platform

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating