Cyber Posture

CVE-2024-56451

High

Published: 08 January 2025

Modified: 13 January 2025
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)
EPSS Score: 0.0008 (24.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Integer overflow vulnerability during glTF model loading in the 3D engine module.
Impact: Successful exploitation of this vulnerability may affect availability.

Security Summary

CVE-2024-56451 is an integer overflow vulnerability (CWE-190, CWE-680) during glTF model loading in the 3D engine module of Huawei software. Published on January 8, 2025, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H), rated as high severity.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation may lead to high confidentiality impact through unauthorized access to sensitive data, low integrity impact, and high availability impact such as denial of service.

Huawei has issued a security bulletin detailing mitigations and patches for this vulnerability, available at https://consumer.huawei.com/en/support/bulletin/2025/1/.

Details

CWE(s)
CWE-680, CWE-190

Affected Products

huawei harmonyos 5.0.0
