CVE-2024-58111

7.5 HIGH

📋 TL;DR

This vulnerability in the ArkUI framework's SVG parsing module allows attackers to cause a denial of service by exploiting exception capture failures, i.e. exceptions raised while parsing SVG content are not caught. It affects applications that use ArkUI for SVG rendering and can impact the availability of affected services. Huawei devices and applications running vulnerable ArkUI versions are at risk.

💻 Affected Systems

Products:
  • Huawei devices with ArkUI framework
  • Applications using ArkUI for SVG rendering
Versions: Specific versions not detailed in reference; check Huawei advisory for affected versions
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default SVG parsing configuration; requires SVG processing to be triggered

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption through denial of service, rendering affected applications or services unavailable to users.

🟠 Likely Case: Application crashes or instability when processing malicious SVG content, leading to temporary service interruptions.

🟢 If Mitigated: Minimal impact with proper input validation and monitoring in place, though some service degradation is possible.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires delivering malicious SVG content to the vulnerable parsing module.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/4/

Restart Required: Yes

Instructions:

1. Check the Huawei security advisory for affected versions.
2. Apply security updates via official channels.
3. Restart affected devices/services after patching.

🔧 Temporary Workarounds

Disable SVG processing (applies to: all)

Temporarily disable SVG file processing in affected applications if possible.

Input validation (applies to: all)

Implement strict validation of SVG files before processing.
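The "input validation" workaround above is a one-line instruction; the following is an added example (not ArkUI code and not from the Huawei advisory) of what a strict pre-validation gate can look like. It sits in front of the renderer and refuses SVG input that is oversized, carries a DTD or entity declaration, nests too deeply, contains elements outside an allowlist, or does not parse cleanly, so that malformed content never reaches the parser whose uncaught exceptions this CVE concerns. The size, depth and element budgets and the allowlist are assumptions to tune per application; the sample documents are constructed.

```python
"""Defensive SVG pre-validation gate (added example, not ArkUI's own code)."""
import io
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed budgets; tune these to what the application genuinely needs to render.
MAX_BYTES = 256 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 5000
# Assumed allowlist of elements the application actually uses.
ALLOWED_TAGS = {
    "svg", "g", "path", "rect", "circle", "ellipse", "line", "polyline",
    "polygon", "text", "tspan", "defs", "linearGradient", "radialGradient",
    "stop", "clipPath", "use",
}


@dataclass
class Verdict:
    ok: bool
    reason: str


def _local_name(tag: str) -> str:
    """Strip the namespace prefix: '{http://www.w3.org/2000/svg}rect' -> 'rect'."""
    return tag.rsplit("}", 1)[-1] if tag.startswith("{") else tag


def validate_svg(data: bytes) -> Verdict:
    """Return Verdict(ok=True) only if the document stays inside every budget
    and parses without error; any exception from the parser is caught here."""
    if len(data) > MAX_BYTES:
        return Verdict(False, "size limit exceeded")
    # Coarse byte-level check: DTDs and entity declarations are never needed
    # for plain SVG graphics and are rejected outright.
    lowered = data.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return Verdict(False, "DTD or entity declaration present")

    depth = count = 0
    try:
        for event, elem in ET.iterparse(io.BytesIO(data), events=("start", "end")):
            if event == "start":
                depth += 1
                count += 1
                if depth > MAX_DEPTH:
                    return Verdict(False, "nesting depth limit exceeded")
                if count > MAX_ELEMENTS:
                    return Verdict(False, "element count limit exceeded")
                name = _local_name(elem.tag)
                if count == 1 and name != "svg":
                    return Verdict(False, f"root element is <{name}>, not <svg>")
                if name not in ALLOWED_TAGS:
                    return Verdict(False, f"disallowed element <{name}>")
            else:
                depth -= 1
                elem.clear()  # do not keep the whole tree in memory
    except ET.ParseError as exc:
        # This is the point of the gate: a malformed document is refused
        # here instead of raising inside the renderer's parser.
        return Verdict(False, f"malformed XML: {exc}")
    return Verdict(True, "accepted")


# Constructed sample inputs.
GOOD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
TRUNCATED_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4"'
DEEP_SVG = b"<svg>" + b"<g>" * (MAX_DEPTH + 2) + b"</g>" * (MAX_DEPTH + 2) + b"</svg>"
DTD_SVG = b'<!DOCTYPE svg [<!ENTITY e "x">]><svg><rect/></svg>'
UNLISTED_SVG = b'<svg><image href="a.png"/></svg>'

if __name__ == "__main__":
    for label, doc in [("good", GOOD_SVG), ("truncated", TRUNCATED_SVG),
                       ("deep", DEEP_SVG), ("dtd", DTD_SVG), ("unlisted", UNLISTED_SVG)]:
        print(f"{label:10s} -> {validate_svg(doc)}")
```

Only documents that pass this gate are handed to the real SVG renderer; everything else is logged and dropped, which also gives the "Log Indicators" section below something concrete to count.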

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected systems
  • Deploy web application firewall with SVG content filtering rules

🔍 How to Verify

Check if Vulnerable:

Check device/application version against Huawei security advisory; test with controlled SVG payloads

Check Version:

Check device settings or application about section for version information

Verify Fix Applied:

Verify updated version matches patched version in advisory; test SVG processing functionality

📡 Detection & Monitoring

Log Indicators:

  • Application crashes related to SVG processing
  • Exception errors in ArkUI framework logs
  • Unusual SVG file processing patterns

Network Indicators:

  • Unusual SVG file transfers to affected systems
  • Increased error responses from SVG processing endpoints

SIEM Query:

source="*arkui*" AND (error OR exception OR crash) AND svg
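The SIEM query above is written in a Splunk-style syntax; the following added example (not from the page's source or any Huawei tooling) implements the same three conditions in plain Python so the logic can be checked offline against a handful of constructed log records, and adds a simple sliding-window burst rule to turn repeated SVG-related crashes within a short interval into a single alert, matching the "unusual SVG file processing patterns" indicator. The record field names (`ts`, `source`, `message`), the 60-second window and the threshold of three hits are assumptions.

```python
"""Offline check of the SIEM logic: source="*arkui*" AND (error OR exception OR crash) AND svg."""
from collections import deque
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

KEYWORDS = ("error", "exception", "crash")

# Constructed sample records; the field names are an assumption about the log schema.
SAMPLE_LOGS = [
    {"ts": "2025-04-01T10:00:00", "source": "harmony/arkui/render",
     "message": "Uncaught exception while parsing icon.svg"},
    {"ts": "2025-04-01T10:00:05", "source": "harmony/arkui/render",
     "message": "Renderer crash decoding badge.svg"},
    {"ts": "2025-04-01T10:00:09", "source": "system/ui",
     "message": "error loading svg icon"},            # wrong source: not counted
    {"ts": "2025-04-01T10:00:12", "source": "harmony/arkui/layout",
     "message": "warning: slow frame in svg layout"},  # no error keyword: not counted
    {"ts": "2025-04-01T10:00:20", "source": "harmony/arkui/render",
     "message": "SVG parse error: malformed path data"},
    {"ts": "2025-04-01T10:30:00", "source": "harmony/arkui/render",
     "message": "exception: svg exceeds size budget"},  # isolated hit, outside any burst
]


def matches_query(rec: dict) -> bool:
    """Case-insensitive equivalent of the page's SIEM query for one record."""
    src = rec["source"].lower()
    msg = rec["message"].lower()
    return (fnmatchcase(src, "*arkui*")
            and any(k in msg for k in KEYWORDS)
            and "svg" in msg)


def detect(records, window=timedelta(seconds=60), threshold=3):
    """Return (matching records, burst timestamps).

    A burst is raised once when `threshold` matches fall inside `window`;
    the window is then reset so a sustained crash loop yields one alert per
    `threshold` hits rather than one per record.
    """
    matches, bursts = [], []
    recent = deque()
    for rec in sorted(records, key=lambda r: r["ts"]):
        if not matches_query(rec):
            continue
        ts = datetime.fromisoformat(rec["ts"])
        matches.append(rec)
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            bursts.append(ts)
            recent.clear()
    return matches, bursts


if __name__ == "__main__":
    hits, alerts = detect(SAMPLE_LOGS)
    for rec in hits:
        print("match:", rec["ts"], rec["message"])
    for ts in alerts:
        print("burst alert at", ts.isoformat())
```

Against the sample records the query matches four lines and the burst rule fires once, at the third hit inside the first minute; the later isolated exception is reported as a match but not as a burst.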
