Input Parameter Validation Flaw in 3D Engine by Huawei
CVE-2024-56455

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 8 January 2025

What is CVE-2024-56455?

A vulnerability exists in Huawei's 3D engine module due to improper validation of input parameters during glTF model loading. This flaw could potentially allow an attacker to manipulate input parameters, leading to availability issues within the affected systems. Proper input validation mechanisms are essential to prevent the exploitation of this vulnerability and safeguard the integrity of 3D rendering processes.

Affected Version(s)

HarmonyOS 5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2025
Vulnerability Reserved
Dec 26, 2024