Description
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10.
Published: 2026-03-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-Bounds Write leading to memory corruption
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds write has been identified in MolotovCherry's Android-ImageMagick7. The flaw allows a malicious user to corrupt memory, which could lead to arbitrary code execution or an application crash. The weakness is classified as an out-of-bounds write (CWE-787); it undermines data integrity and can compromise system confidentiality.

Affected Systems

Devices running the MolotovCherry Android-ImageMagick7 library before version 7.1.2-10 are affected. This includes any application that incorporates that library to decode or process image data on Android.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, and the EPSS score of less than 1% suggests that current exploitation activity is low. Because the vulnerability is triggered by crafted image input, it could be exploited remotely if the application accepts untrusted images. The vulnerability is not listed in the CISA KEV catalog, but the high CVSS warrants prompt remediation.

Generated by OpenCVE AI on March 26, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Android-ImageMagick7 to version 7.1.2-10 or later.
  • If an upgrade is not immediately possible, ensure that untrusted images are not processed by the vulnerable library.
  • Apply vendor patches as soon as they become available.
  • Monitor threat intelligence feeds for any exploit activity targeting this issue.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:molotovcherry:android-imagemagick7:*:*:*:*:*:*:*:*

Tue, 24 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Molotovcherry; Molotovcherry android-imagemagick7
Vendors & Products | | Molotovcherry; Molotovcherry android-imagemagick7

Tue, 24 Mar 2026 06:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10.
Title | | Out-of-bounds Write in MolotovCherry Android-ImageMagick7
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T18:24:39.191Z

Reserved: 2026-03-24T05:55:55.342Z

Link: CVE-2026-33854

Vulnrichment

Updated: 2026-03-24T18:24:35.827Z

NVD

Status: Analyzed

Published: 2026-03-24T06:16:22.670

Modified: 2026-03-26T19:17:51.180

Link: CVE-2026-33854

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:21:18Z

Weaknesses