{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33855", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:55:55.342Z", "datePublished": "2026-03-24T05:58:53.650Z", "dateUpdated": "2026-03-24T18:23:50.298Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:58:53.650Z"}, "title": "Integer Overflow or Wraparound in MolotovCherry Android-ImageMagick7", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "type": "CWE"}]}], "affected": [{"vendor": "MolotovCherry", "product": "Android-ImageMagick7", "collectionURL": "https://github.com/MolotovCherry/Android-ImageMagick7", "versions": [{"status": "affected", "version": "0", "lessThan": "7.1.2-11", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.<p>This issue affects Android-ImageMagick7: before 7.1.2-11.</p>"}]}], "references": [{"url": "https://github.com/MolotovCherry/Android-ImageMagick7/pull/187", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:22:47.403532Z", "id": "CVE-2026-33855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:23:50.298Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:22:47.403532Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:23:46.502Z"}}], "cna": {"title": "Integer Overflow or Wraparound in MolotovCherry Android-ImageMagick7", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MolotovCherry", "product": "Android-ImageMagick7", "versions": [{"status": "affected", "version": "0", "lessThan": "7.1.2-11", "versionType": "git"}], "collectionURL": "https://github.com/MolotovCherry/Android-ImageMagick7", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/MolotovCherry/Android-ImageMagick7/pull/187", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.", "supportingMedia": [{"type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.<p>This issue affects Android-ImageMagick7: before 7.1.2-11.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:58:53.650Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33855", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:23:50.298Z", "dateReserved": "2026-03-24T05:55:55.342Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:58:53.650Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:molotovcherry:android-imagemagick7:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD4FC35B-5E60-42CC-87A5-71FF393A6EAB", "versionEndExcluding": "7.1.2-11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de entero o desbordamiento por ajuste en MolotovCherry Android-ImageMagick7. Este problema afecta a Android-ImageMagick7: antes de 7.1.2-11."}], "id": "CVE-2026-33855", "lastModified": "2026-03-26T19:16:36.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-24T06:16:22.827", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Issue Tracking"], "url": "https://github.com/MolotovCherry/Android-ImageMagick7/pull/187"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.1.2-11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Android-ImageMagick7", "source": "cna", "vendor": "MolotovCherry"}, "product": "android-imagemagick7", "vendor": "molotovcherry"}], "analysis": {"en": {"generated_at": "2026-03-26T20:50:48.064352+00:00", "value": {"mitigation_remediation": ["Upgrade Android-ImageMagick7 to version 7.1.2\u201111 or newer."], "summary": {"action": "Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is MolotovCherry Android-ImageMagick7. All installations of the library with versions earlier than 7.1.2\u201111 are vulnerable.", "description_and_impact": "This vulnerability is an integer overflow or wraparound in the Android-ImageMagick7 library before version 7.1.2-11. The flaw can cause incorrect memory calculations or overflows when processing image data, potentially leading to crashes or corrupted output. Consequently, an attacker could leverage the bug to disrupt service or cause unstable behavior in affected applications.", "risk_and_exploitability": "The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests a low probability of exploitation. It is not currently listed in the CISA KEV catalog. The likely attack vector is the delivery of a crafted image file to an application that incorporates the vulnerable ImageMagick library; this could allow an attacker to trigger the overflow and induce a denial of service or memory corruption attack. Given the low EPSS, immediate exposure risk is moderate, but users of the library should apply the vendor\u2011supplied fix promptly to eliminate any potential attack surface."}}}}, "created": "2026-03-24T10:28:49.504828+00:00", "updated": "2026-03-27T09:21:17.253186+00:00", "vendors": ["molotovcherry", "molotovcherry$PRODUCT$android-imagemagick7"]}