CVE-2024-54105

5.1 MEDIUM

📋 TL;DR

This CVE describes a buffer overflow vulnerability (CWE-120) in Huawei's image decoding module that allows attackers to cause a denial of service through read/write operations. The vulnerability affects the availability of systems running vulnerable Huawei software. Users of affected Huawei products should apply patches immediately.

💻 Affected Systems

Products:
  • Huawei consumer devices and software with image decoding capabilities
Versions: Specific versions not detailed in reference; check Huawei advisory for exact ranges
Operating Systems: Android-based Huawei systems, HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems processing untrusted image files through vulnerable decoding modules.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or service disruption leading to extended downtime and potential data corruption.

🟠 Likely Case

Application crashes or service interruptions requiring restart, causing temporary availability issues.

🟢 If Mitigated

Minimal impact with proper input validation and memory protections in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires specific image input but could affect exposed services.
🏢 Internal Only: LOW - Requires local access or specific image processing scenarios.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires crafting malicious image files and getting them processed by a vulnerable system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/12/

Restart Required: Yes

Instructions:

1. Visit Huawei security advisory
2. Identify affected products
3. Apply security updates through official channels
4. Restart device after update

🔧 Temporary Workarounds

  • Disable automatic image processing (all): Prevent automatic decoding of untrusted image files
  • Input validation for image files (all): Implement strict validation before processing image files

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy application-level firewalls to filter malicious image files

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei security bulletin

Check Version:

Settings > About Phone > Software Information (on Huawei devices)

Verify Fix Applied:

Verify software version matches patched version from advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in image processing modules
  • Memory access violation errors

Network Indicators:

  • Unusual image file transfers to vulnerable systems

SIEM Query:

Image:Application AND (Crash OR MemoryViolation) AND ProcessName:image_decoder
