Description
Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Published: 2026-03-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update
AI Analysis

Impact

This vulnerability is an integer overflow or wraparound in the Android-ImageMagick7 library before version 7.1.2-11. The flaw can cause incorrect memory calculations or overflows when processing image data, potentially leading to crashes or corrupted output. Consequently, an attacker could leverage the bug to disrupt service or cause unstable behavior in affected applications.

Affected Systems

The affected product is MolotovCherry Android-ImageMagick7. All installations of the library with versions earlier than 7.1.2‑11 are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests a low probability of exploitation. It is not currently listed in the CISA KEV catalog. The likely attack vector is the delivery of a crafted image file to an application that incorporates the vulnerable ImageMagick library; this could allow an attacker to trigger the overflow and induce a denial of service or memory corruption attack. Given the low EPSS, immediate exposure risk is moderate, but users of the library should apply the vendor‑supplied fix promptly to eliminate any potential attack surface.

Generated by OpenCVE AI on March 26, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Android-ImageMagick7 to version 7.1.2‑11 or newer.

Generated by OpenCVE AI on March 26, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:molotovcherry:android-imagemagick7:*:*:*:*:*:*:*:*

Tue, 24 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Molotovcherry
Molotovcherry android-imagemagick7
Vendors & Products Molotovcherry
Molotovcherry android-imagemagick7

Tue, 24 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Description Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Title Integer Overflow or Wraparound in MolotovCherry Android-ImageMagick7
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Molotovcherry Android-imagemagick7
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T18:23:50.298Z

Reserved: 2026-03-24T05:55:55.342Z

Link: CVE-2026-33855

cve-icon Vulnrichment

Updated: 2026-03-24T18:23:46.502Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T06:16:22.827

Modified: 2026-03-26T19:16:36.430

Link: CVE-2026-33855

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:21:17Z

Weaknesses