Input Parameter Validation Flaw in 3D Engine by Huawei
CVE-2024-56455

5.5MEDIUM

Key Information:

Vendor
Huawei
Status
Harmonyos
Vendor
CVE Published:
8 January 2025

Summary

A vulnerability exists in Huawei's 3D engine module due to improper validation of input parameters during glTF model loading. This flaw could potentially allow an attacker to manipulate input parameters, leading to availability issues within the affected systems. Proper input validation mechanisms are essential to prevent the exploitation of this vulnerability and safeguard the integrity of 3D rendering processes.

Affected Version(s)

HarmonyOS 5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.