CVE-2024-58116

4.0 MEDIUM

📋 TL;DR

A buffer overflow vulnerability exists in the SVG parsing module of Huawei's ArkUI framework. Successful exploitation could cause denial of service by crashing affected applications. This affects devices and applications using vulnerable versions of the ArkUI framework.

💻 Affected Systems

Products:
  • Huawei devices and applications using ArkUI framework
Versions: Specific versions not detailed in reference; check Huawei advisory for affected versions.
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default configurations where SVG parsing is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Application crash leading to denial of service, potentially disrupting application functionality or device stability.

🟠 Likely Case

Application instability or crashes when processing malicious SVG files, affecting user experience.

🟢 If Mitigated

Minimal impact if SVG parsing is restricted or input validation is implemented.

🌐 Internet-Facing: MEDIUM - Applications processing SVG files from untrusted sources could be exploited.
🏢 Internal Only: LOW - Requires processing of malicious SVG files, which is less likely in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious SVG file and getting it processed by vulnerable software.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions.

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/4/

Restart Required: Yes

Instructions:

1. Check the Huawei security advisory for affected versions.
2. Apply available security updates through official channels.
3. Restart the device after the update.

🔧 Temporary Workarounds

Disable SVG file processing (applies to: all)

Prevent applications from processing SVG files if not required.

Input validation for SVG files (applies to: all)

Implement strict validation and sanitization of SVG file inputs.

🧯 If You Can't Patch

  • Restrict SVG file processing to trusted sources only.
  • Monitor application logs for crashes related to SVG parsing.

🔍 How to Verify

Check if Vulnerable:

Check device/application version against Huawei security advisory.

Check Version:

Check device settings or application info for version details.

Verify Fix Applied:

Verify installed version matches or exceeds patched version from advisory.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or errors related to SVG parsing
  • Memory access violation logs

Network Indicators:

  • Unusual SVG file downloads or transfers

SIEM Query:

Search for application crash events with 'SVG' or 'buffer overflow' in error messages.
