CVE-2024-56456

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 8, 2025

Updated: Jan 13, 2025

CWE ID 120

Summary

CVE-2024-56456 is a newly identified vulnerability affecting the 3D engine module. The problem lies in the lack of verification for input parameters during glTF model loading. If exploited, this issue may result in availability concerns. Attackers could potentialy take advantage of this flaw to cause denial-of-service conditions. The 3D engine module's security is compromised due to insufficient input validation during the glTF model loading process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

HarmonyOS

Affected Vendors

Huawei Technologies

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/17WHz9
https://www.cve.org/CVERecord?id=CVE-2024-56456
https://nvd.nist.gov/vuln/detail/CVE-2024-56456

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners