Description
Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Published: 2026-03-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via memory exhaustion
Action: Patch Now
AI Analysis

Impact

The vulnerability is a missing release of memory after its effective lifetime, leading to a memory leak. It can allow an attacker to cause resource exhaustion, potentially resulting in application slowdown or crash. The weakness corresponds to CWE-401, a classic memory management issue.

Affected Systems

The issue affects MolotovCherry's Android-ImageMagick7 prior to version 7.1.2-11. Any system using the library before that release is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.5, the vulnerability is considered high severity. The EPSS score is below 1 % and it is not listed in CISA's KEV catalog, suggesting low current exploitation probability. Exploitation would likely require the attacker to supply a specially crafted image or image data that forces the library to allocate memory without releasing it, leading to gradual depletion of system resources. The attack vector is probably local or application‑internal, depending on how the library is integrated.

Generated by OpenCVE AI on March 26, 2026 at 20:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Android-ImageMagick7 to version 7.1.2-11 or newer.

Generated by OpenCVE AI on March 26, 2026 at 20:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:molotovcherry:android-imagemagick7:*:*:*:*:*:*:*:*

Tue, 24 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Molotovcherry
Molotovcherry android-imagemagick7
Vendors & Products Molotovcherry
Molotovcherry android-imagemagick7

Tue, 24 Mar 2026 06:45:00 +0000

Type Values Removed Values Added
Description Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Title Missing Release of Memory after Effective Lifetime in MolotovCherry Android-ImageMagick7
Weaknesses CWE-401
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Molotovcherry Android-imagemagick7
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T17:51:17.454Z

Reserved: 2026-03-24T05:55:55.341Z

Link: CVE-2026-33852

cve-icon Vulnrichment

Updated: 2026-03-24T17:51:12.707Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T07:16:07.163

Modified: 2026-03-26T19:06:14.017

Link: CVE-2026-33852

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:21:15Z

Weaknesses