CVE-2021-32024 - Vulnerability Details - OpenCVE

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackberry	Qnx Software Development Platform

Configuration 1 [-]

cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.blackberry.com/kb/articleDetail?articleNumber=000089042

History

Tue, 09 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20	CWE-1287

Mon, 25 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2021-12-13T18:06:24

Updated: 2025-09-09T15:07:31.697Z

Reserved: 2021-05-03T00:00:00

Link: CVE-2021-32024

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-13T19:15:07.840

Modified: 2025-09-09T16:15:31.850

Link: CVE-2021-32024

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QNX Software Development Platform (SDP)", "vendor": "BlackBerry", "versions": [{"lessThanOrEqual": "6.6.0", "status": "affected", "version": "6.4.0", "versionType": "custom"}, {"lessThanOrEqual": "7.1", "status": "affected", "version": "7.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.</p>"}], "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "6.4.0 through 6.6.0"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "7.0 through 7.1"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-09-09T15:07:31.697Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@blackberry.com", "ID": "CVE-2021-32024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BlackBerry QNX Software Development Platform (SDP)", "version": {"version_data": [{"version_value": "QNX SDP 6.4 to 7.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042", "refsource": "MISC", "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:27.925Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}]}]}, "cveMetadata": {"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2021-32024", "datePublished": "2021-12-13T18:06:24", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2025-09-09T15:07:31.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "6421B8DD-71CF-42E4-8C89-A91E7FFC9D65", "versionEndIncluding": "7.1", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el c\u00f3dec de im\u00e1genes BMP de BlackBerry QNX SDP versiones 6.4 a 7.1, podr\u00eda permitir a un atacante ejecutar potencialmente c\u00f3digo en el contexto del proceso afectado"}], "id": "CVE-2021-32024", "lastModified": "2025-09-09T16:15:31.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secure@blackberry.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-13T19:15:07.840", "references": [{"source": "secure@blackberry.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "secure@blackberry.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}