Integer Overflow Vulnerability in 3D Engine Module by Huawei
CVE-2024-56451

7.3HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 8 January 2025

Summary

An integer overflow vulnerability has been identified during the loading of glTF models within Huawei's 3D engine module. This flaw can potentially hinder the availability of services reliant on the affected engine, allowing for possible exploitation by malicious entities. Proper mitigation strategies should be implemented to safeguard systems against potential disruptions.

Affected Version(s)

HarmonyOS 5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 8, 2025
Vulnerability Reserved
Dec 26, 2024

Collectors

NVD DatabaseMitre Database