Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.
AnalysisAI
Stack overflow in Huawei HarmonyOS media platform allows local authenticated users to cause denial of service through a crafted media file that triggers stack memory exhaustion. The vulnerability requires user interaction and authenticated access (CVSS PR:L), limiting its real-world severity despite affecting availability. No public exploit code or active exploitation has been identified at the time of analysis.
Technical ContextAI
The vulnerability is a classic stack overflow (CWE-121) in the media platform component of HarmonyOS, triggered during media processing. Stack overflows occur when an application writes more data to a stack-allocated buffer than it can hold, corrupting the stack and potentially enabling code execution or denial of service. In this case, the vulnerability manifests as an availability impact only, suggesting the overflow corrupts local stack frames without achieving arbitrary code execution. The attack vector is local with low complexity, meaning the attacker must have local system access and trigger the vulnerability through a user interaction with a malicious media file on an affected HarmonyOS device.
RemediationAI
Apply the latest HarmonyOS security patch released by Huawei in May 2026 or later. Users should check the product-specific security bulletins (phones, tablets, vision, wearables, laptops) at the Huawei consumer support portal to identify their device category and download the appropriate patch. As a compensating control pending patching, restrict the opening of media files from untrusted sources - disable auto-play of media in applications and require explicit user confirmation before opening files from emails or web downloads. This reduces the likelihood of accidental trigger of the media processing code. No workaround completely eliminates the vulnerability without patch application.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30525
GHSA-mrjv-j4g7-xx5r