Cyber Resilience

CVE-2021-32024

Critical

Published: 13 December 2021

Modified: 09 September 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0265 (86.1th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-32024 is a critical-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in the BlackBerry QNX Software Development Platform. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 13.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: blackberry
Product: qnx software development platform
Versions: 6.4.0 — 7.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.