Description
CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11.
Published: 2026-03-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Input Validation Failure
Action: Apply Patch
AI Analysis

Impact

The Android-ImageMagick7 library released by MolotovCherry contains an improper input validation flaw, identified as CWE-20. The flaw allows image data to be processed without proper validation of its contents. The description does not specify the exact outcome of processing such data, but the CVSS score of 9.8 indicates that a successful exploit could have a severe impact on the system where the library is used.

Affected Systems

All builds of MolotovCherry Android-ImageMagick7 released prior to version 7.1.2‑11 are vulnerable. The library is typically integrated into mobile and embedded applications that require image handling functions, so any application including these earlier releases could be affected.

Risk and Exploitability

The CVSS score of 9.8 signals critical severity. The EPSS score is less than 1%, implying that the likelihood of widespread exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require the library to process malicious or malformed image data, whether it arrives through an intentional or an accidental input path, though no publicly disclosed exploitation techniques are available.

Generated by OpenCVE AI on March 26, 2026 at 22:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Android-ImageMagick7 to version 7.1.2‑11 or newer
  • If a direct upgrade is not feasible, remove or isolate the vulnerable library from application workflows
  • Validate or reject any untrusted image data that will be passed to the library until a patch is applied
  • Monitor MolotovCherry’s repository and advisories for further updates or security notices



Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:molotovcherry:android-imagemagick7:*:*:*:*:*:*:*:*

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Molotovcherry
Molotovcherry android-imagemagick7
Vendors & Products Molotovcherry
Molotovcherry android-imagemagick7

Tue, 24 Mar 2026 06:45:00 +0000

Type Values Removed Values Added
Description CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11.
Title CWE-20 in MolotovCherry Android-ImageMagick7
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T13:31:36.176Z

Reserved: 2026-03-24T06:03:55.592Z

Link: CVE-2026-4755

Vulnrichment

Updated: 2026-03-24T13:31:30.747Z

NVD

Status: Analyzed

Published: 2026-03-24T07:16:07.500

Modified: 2026-03-26T19:00:59.330

Link: CVE-2026-4755

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:21:13Z

Weaknesses