Skip to main content

Qnx Software Development Platform

23 CVEs product

Monthly

CVE-2026-4018 MEDIUM This Month

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Information Disclosure Qnx Software Development Platform Qnx Os For Safety Qnx Os For Medical
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-4017 HIGH This Week

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.

Buffer Overflow Stack Overflow Information Disclosure Qnx Software Development Platform Qnx Os For Safety +1
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-0515 MEDIUM This Month

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.

Denial Of Service Qnx Software Development Platform Qnx Os For Safety Qnx Os For Medical
NVD VulDB
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-2474 CRITICAL Act Now

A security vulnerability in the PCX image codec in QNX SDP (CVSS 9.8) that allows an unauthenticated attacker. Critical severity with potential for significant impact on affected systems.

Buffer Overflow Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48858 HIGH This Month

Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-48857 HIGH This Month

NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48856 CRITICAL This Week

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-48855 MEDIUM This Month

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-48854 MEDIUM This Month

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35215 MEDIUM This Month

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-35213 CRITICAL Act Now

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-32701 HIGH This Week

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-32024 CRITICAL PATCH Act Now

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-22156 CRITICAL PATCH Act Now

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service RCE Qnx Software Development Platform Qnx Os For Medical +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-6932 CRITICAL Act Now

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-8998 HIGH PATCH This Week

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s). Rated high severity (CVSS 7.8).

Authentication Bypass Privilege Escalation Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-9371 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able. Rated low severity (CVSS 2.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
2.6
EPSS
0.2%
CVE-2017-9369 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2017-3893 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with. Rated low severity (CVSS 1.9). No vendor patch available.

Buffer Overflow Qnx Software Development Platform
NVD
CVSS 3.1
1.9
EPSS
0.2%
CVE-2017-3892 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2017-3891 CRITICAL Act Now

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2013-2688 MEDIUM POC PATCH This Month

Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Qnx Software Development Platform Qnx Neutrino Rtos
NVD
CVSS 2.0
5.4
EPSS
3.7%
CVE-2013-2687 HIGH POC PATCH This Week

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Qnx Momentics Tool Suite Qnx Software Development Platform +1
NVD
CVSS 2.0
7.8
EPSS
3.7%
EPSS 0% CVSS 6.4
MEDIUM This Month

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.

Information Disclosure Qnx Software Development Platform Qnx Os For Safety +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.

Buffer Overflow Stack Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.

Denial Of Service Qnx Software Development Platform Qnx Os For Safety +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A security vulnerability in the PCX image codec in QNX SDP (CVSS 9.8) that allows an unauthenticated attacker. Critical severity with potential for significant impact on affected systems.

Buffer Overflow Qnx Software Development Platform
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 1% CVSS 7.5
HIGH This Month

NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnx Software Development Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Qnx Software Development Platform
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service RCE +3
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s). Rated high severity (CVSS 7.8).

Authentication Bypass Privilege Escalation Information Disclosure +1
NVD
EPSS 0% CVSS 2.6
LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able. Rated low severity (CVSS 2.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 3.8
LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 1.9
LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with. Rated low severity (CVSS 1.9). No vendor patch available.

Buffer Overflow Qnx Software Development Platform
NVD
EPSS 0% CVSS 3.8
LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 4% CVSS 5.4
MEDIUM POC PATCH This Month

Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE +2
NVD
EPSS 4% CVSS 7.8
HIGH POC PATCH This Week

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy