Primary

Context

Huawei HarmonyOS 3D Engine Module glTF Model Loading Input Validation Vulnerability

Vulnerability

Patched

A vulnerability exists in the 3D engine module of Huawei HarmonyOS devices, specifically in versions through 5.0.0. This vulnerability arises from input parameters not being properly validated during the loading of glTF models. As a result, successful exploitation could lead to issues affecting the availability of the service.

Impact

Exploitation of this vulnerability may disrupt the normal availability of the affected service.

Remediation

Users can refer to the January 2025 Huawei Security Bulletin for guidance on applying the available patch.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Huawei HarmonyOS 3D Engine Module glTF Model Loading Input Validation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Huawei HarmonyOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating