Description
Heap-based buffer overflow vulnerability in the image module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-02-06
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Availability
Action: Assess Impact
AI Analysis

Impact

The vulnerability is a heap-based buffer overflow in the image module of Huawei HarmonyOS. When malformed image data is processed, the overflow can overwrite adjacent memory, potentially crashing the image handling service and denying service availability. No direct compromise of confidentiality or integrity is reported in the official description.

Affected Systems

Huawei HarmonyOS versions 5.1.0 and 6.0.0 are affected by the heap overflow in the image module. These versions of the operating system include the vulnerable component that processes image files.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity, while the EPSS score of less than 1% suggests that current exploitation attempts are extremely rare. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is not explicitly stated, but it is inferred that delivering a specially crafted image (either locally or over a network interface that accepts image input) could trigger the overflow. No exploit code is documented, so the likelihood of public exploitation remains low at present.

Generated by OpenCVE AI on April 17, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Huawei support bulletin for an update to HarmonyOS 5.1.0 and 6.0.0 and apply any released patch that addresses the image module overflow.
  • To reduce the attack surface, restrict or disable the use of the vulnerable image processing functions in applications that handle untrusted data until a patch is applied.
  • Continuously monitor system logs for errors related to image processing and investigate any abnormal restarts or elevated memory usage that could indicate attempted exploitation.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Heap-Based Buffer Overflow in Image Module |

Tue, 10 Feb 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-787 |
| CPEs | | `cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*` |
| | | `cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*` |

Mon, 09 Feb 2026 11:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Huawei |
| | | Huawei harmonyos |
| Vendors & Products | | Huawei |
| | | Huawei harmonyos |

Fri, 06 Feb 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Fri, 06 Feb 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T17:36:08.896Z

Reserved: 2026-01-28T06:05:05.257Z

Link: CVE-2026-24925

Vulnrichment

Updated: 2026-02-06T17:36:05.433Z

NVD

Status: Analyzed

Published: 2026-02-06T09:15:51.023

Modified: 2026-02-10T18:11:30.970

Link: CVE-2026-24925

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses