CVE-2019-5288

Name of the Vulnerable Software and Affected Versions P30 smart phones versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)

Description The issue is caused by an integer overflow due to insufficient checks on specific parameters. An attacker can exploit this by tricking a user into installing a malicious application, obtaining root permission, and constructing specific parameters to the camera program. This could cause the program to crash or allow for arbitrary code execution.

Recommendations For versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), update to a version equal to or later than ELLE-AL00B 9.1.0.193(C00E190R2P1) to resolve the issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources and avoiding the use of the camera program with unverified parameters until a patch is available.