CVE-2019-5287

Name of the Vulnerable Software and Affected Versions P30 smart phones versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)

Description The issue is caused by an integer overflow due to insufficient checks on specific parameters. An attacker can trick a user into installing a malicious application, obtain root permission, and then construct specific parameters to the camera program to exploit this issue. Successful exploitation could cause the program to crash or allow for arbitrary code execution.

Recommendations For versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), update to version ELLE-AL00B 9.1.0.193(C00E190R2P1) or later to resolve the issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources and avoiding the use of the camera program with unverified parameters until a patch is available.