Summaryinfo

A vulnerability classified as critical was found in MolotovCherry Android-ImageMagick7 up to 7.1.2-10. This impacts an unknown function. Executing a manipulation can lead to out-of-bounds write. This vulnerability is tracked as CVE-2026-4756. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as critical was found in MolotovCherry Android-ImageMagick7 up to 7.1.2-10. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. The CWE definition for the vulnerability is CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

The advisory is available at github.com. This vulnerability was named CVE-2026-4756 since 03/24/2026. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

Upgrading to version 7.1.2-11 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-14780). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Image Processing Software

Vendor

• MolotovCherry

Name

• Android-ImageMagick7

Version

• 7.1.2-10

Website

• Product: https://github.com/MolotovCherry/Android-ImageMagick7/

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion