CVE-2017-8202
MEDIUMHuawei Prague < Prague-AL00AC00B205 Buffer Overflow in CameraISP Driver
Title source: llmDescription
The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-smartphone-en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101959
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (6)
huawei/prague-al00a_firmware
< prague-al00ac00b205
huawei/prague-al00b_firmware
< prague-al00bc00b205
huawei/prague-al00c_firmware
< prague-al00cc00b205
huawei/prague-tl00a_firmware
< prague-tl00ac01b205
huawei/prague-tl10a_firmware
< prague-tl10ac01b205
Huawei Technologies Co., Ltd./Prague-AL00A,Prague-AL00B,Prague-AL00C,Prague-TL00A,Prague-TL10A
Versions earlier than Prague-AL00AC00B205,Versions earlier than Prague-AL00BC00B205,Versions earlier
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026