Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.
Conclusion & alert: CVE-2017-17324 is rated Moderate Risk (51/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.91%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.35% | 0.91% | +0.55% |
| 2 | 2025-03-30 | 0.30% | 0.35% | +0.05% |
| 3 | 2025-03-29 | — | 0.30% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.0 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 6.8 | 2.0 | MEDIUM |
|
8.6 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| huawei | mate_9_pro_firmware | lon-al00bc00b139d | cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b139d:*:*:*:*:*:*:* |
| huawei | mate_9_pro_firmware | lon-al00bc00b229 | cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b229:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en | Vendor Advisory |