#VU22802 Integer overflow


Published: 2019-11-15

Vulnerability identifier: #VU22802

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-5288

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
P30
Client/Desktop applications / Multimedia software

Vendor: Huawei

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists because of integer overflow due to insufficient check on specific parameters. A local user can trick the victim to install a malicious application, obtain the root permission, construct specific parameters to the camera program, trigger integer overflow and execute arbitrary code on the target system or break down the program.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

P30: All versions


CPE

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability