PT-2024-4484 · BlackBerry · QNX SDP

Published: 2024-05-13 · Updated: 2025-12-01 · CVE-2024-35213

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

QNX SDP versions 6.6, 7.0, and 7.1

Description

The issue is an improper input validation vulnerability in the SGI Image Codec. By loading specially crafted SGI files, an attacker could cause a denial-of-service condition or execute code in the context of the image processing process. The vulnerability has reportedly been exploited in the wild.

Recommendations

For QNX SDP version 6.6, update to a fixed version when available. For QNX SDP version 7.0, update to a fixed version when available. For QNX SDP version 7.1, update to a fixed version when available. As a temporary workaround, consider restricting the use of the SGI Image Codec until a patch is available.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-04988
CVE-2024-35213

Affected Products

QNX SDP