CVE-2024-48858

7.5 HIGH

📋 TL;DR

An improper input validation vulnerability in the PCX image codec in QNX SDP allows unauthenticated attackers to cause denial-of-service conditions. This affects processes using the image codec in QNX SDP versions 8.0, 7.1, and 7.0.

💻 Affected Systems

Products:
  • QNX Software Development Platform (SDP)
Versions: 8.0, 7.1, 7.0
Operating Systems: QNX Neutrino RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present when applications use the PCX image codec library

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete process crash leading to system instability or service disruption in applications using the PCX codec

🟠 Likely Case: Denial-of-service affecting specific applications or services that process PCX images

🟢 If Mitigated: Limited impact if the codec is not used or input validation is implemented externally

🌐 Internet-Facing: MEDIUM - Exploitable if systems process untrusted PCX images from external sources
🏢 Internal Only: LOW - Requires processing of malicious PCX images, which is less common internally

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires crafting malicious PCX images and getting them processed by vulnerable systems

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check BlackBerry advisory for specific patch versions

Vendor Advisory: https://support.blackberry.com/pkb/s/article/140334

Restart Required: No

Instructions:

1. Review BlackBerry advisory 140334.
2. Apply recommended patches from QNX.
3. Update affected QNX SDP installations.
4. Restart applications using the PCX codec.

🔧 Temporary Workarounds

Disable PCX image processing
Applies to: all
Configure applications to avoid processing PCX images or use alternative image formats

Input validation for image files
Applies to: all
Implement strict validation of PCX files before processing
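One way to apply this workaround, as an added example that is not code from the QNX codec or the BlackBerry advisory: a pre-validator that checks a PCX header for self-consistency and walks the RLE stream before the file reaches the codec, so truncated files, oversized dimensions and runs that overshoot the image are rejected up front. The 16384-pixel dimension cap and the negative return codes are assumptions of this example, not values from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PCX_HEADER_LEN 128
#define PCX_MAX_DIM    16384   /* assumed policy limit; tune to what the application needs */
static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* Pre-validate a PCX file before handing it to the codec. Returns 0 if the header is
 * self-consistent and the data covers exactly the declared image; a negative code otherwise. */
int pcx_prevalidate(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < PCX_HEADER_LEN) return -1;      /* truncated header */
    if (buf[0] != 0x0A) return -2;                            /* ZSoft manufacturer byte */
    if (buf[2] != 0 && buf[2] != 1) return -3;                /* encoding: 0 raw, 1 RLE */
    uint8_t bpp = buf[3];
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return -4;
    uint16_t xmin = rd16le(buf + 4), ymin = rd16le(buf + 6);
    uint16_t xmax = rd16le(buf + 8), ymax = rd16le(buf + 10);
    if (xmax < xmin || ymax < ymin) return -5;                /* inverted window */
    uint32_t width = (uint32_t)xmax - xmin + 1, height = (uint32_t)ymax - ymin + 1;
    if (width > PCX_MAX_DIM || height > PCX_MAX_DIM) return -6; /* bounds allocation size */
    if (buf[65] < 1 || buf[65] > 4) return -7;                /* colour planes */
    uint16_t bpl = rd16le(buf + 66);
    if (bpl < (width * bpp + 7) / 8) return -8;               /* row would not fit a line */
    uint64_t need = (uint64_t)bpl * buf[65] * height;         /* decoded bytes expected */
    if (buf[2] == 0) return (len - PCX_HEADER_LEN >= need) ? 0 : -9;
    size_t pos = PCX_HEADER_LEN; uint64_t produced = 0;
    while (produced < need) {                                 /* walk the RLE stream */
        if (pos >= len) return -9;                            /* decoder would read past end */
        uint8_t b = buf[pos++];
        if ((b & 0xC0) == 0xC0) {                             /* run: count in low 6 bits */
            if (pos >= len) return -9;                        /* run byte without a value */
            produced += b & 0x3F;
            pos++;
        } else produced += 1;                                 /* literal byte */
    }
    return produced == need ? 0 : -10;                        /* run overshoots the image */
}
/* Builds a constructed 4x2, 8-bit, single-plane RLE sample (130 bytes) for testing. */
size_t pcx_build_sample(uint8_t *out)
{
    memset(out, 0, 130);
    out[0] = 0x0A; out[1] = 5; out[2] = 1; out[3] = 8;        /* PCX v5, RLE, 8 bpp */
    out[8] = 3; out[10] = 1;                                  /* xmax 3, ymax 1: 4 x 2 px */
    out[65] = 1; out[66] = 4;                                 /* 1 plane, 4 bytes per line */
    out[128] = 0xC8; out[129] = 0x00;                         /* one run of 8 zero bytes */
    return 130;
}
```

Files that fail any check are dropped before the codec sees them; the optional 768-byte VGA palette that may follow the image data is not inspected here.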

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems processing PCX images
  • Deploy application-level firewalls to filter malicious image uploads

🔍 How to Verify

Check if Vulnerable:

Check QNX SDP version and verify if PCX codec is used by applications

Check Version:

Run uname -a, or check the QNX system information, to confirm the installed SDP version

Verify Fix Applied:

Verify patch installation and test PCX image processing functionality

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Memory access violation errors in logs

Network Indicators:

  • Unusual PCX file uploads to affected systems

SIEM Query:

search for process crashes related to image processing or PCX codec
