VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 13, 2019· Updated Aug 4, 2024

CVE-2019-5287

CVE-2019-5287

Description

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An integer overflow in Huawei P30 cameras before ELLE-AL00B 9.1.0.193 allows arbitrary code execution or crash via a malicious app with root.

Vulnerability

An integer overflow vulnerability exists in the camera program of Huawei P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) [1]. The bug is caused by insufficient validation of specific parameters passed to the camera code, allowing manipulation of integer boundaries [1].

Exploitation

An attacker must first trick the user into installing a malicious application and then obtain root permission on the device [1]. With elevated privileges, the attacker can construct specific parameters to the camera program to trigger the integer overflow [1]. No additional user interaction is required beyond the initial installation.

Impact

Successful exploitation of this integer overflow can cause the camera program to crash or allow arbitrary code execution [1]. The attacker can execute code at the privilege level of the camera process, potentially leading to full device compromise.

Mitigation

Huawei released a software update to fix this vulnerability; the resolved version is ELLE-AL00B 9.1.0.193(C00E190R2P1) [1]. Users should update to this version or later to mitigate the issue. No workaround is provided for unpatched devices.

References
  1. Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Huawei/P30 smart phonesdescription
  • Huawei/P30llm-fuzzy
    Range: < 9.1.0.193(C00E190R2P1)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.