Android-ImageMagick7 Improper Input Validation Vulnerability (CVE-2026-4755)
A CWE-20 improper input validation vulnerability exists in MolotovCherry Android-ImageMagick7 before version 7.1.2-11, potentially allowing for remote code execution or denial of service.
A critical vulnerability, CVE-2026-4755, has been identified in MolotovCherry Android-ImageMagick7. This vulnerability, classified as CWE-20 (Improper Input Validation), affects versions prior to 7.1.2-11. The vulnerability allows for remote unauthenticated attackers to cause a denial of service, or potentially remote code execution. The issue stems from a failure to properly validate user-supplied input, which could lead to unexpected behavior or memory corruption within the application. Successful exploitation of this vulnerability could have severe consequences, including the compromise of sensitive data or complete system takeover. The Government Technology Agency of Singapore Cyber Security Group (GovTech CSG) reported this vulnerability.
Attack Chain
- Attacker crafts a malicious image with specially crafted metadata or pixel data.
- The attacker hosts the malicious image on a web server or delivers it via email/messaging.
- The user downloads or receives the malicious image on their Android device.
- The Android device uses Android-ImageMagick7 to process the image (e.g., displaying the image in a gallery app, using it as an avatar, or processing it in a third-party application that relies on the library).
- Android-ImageMagick7 fails to properly validate the malicious image data.
- Due to the improper input validation, the application may crash, enter an infinite loop, or execute arbitrary code injected by the attacker.
- If code execution is achieved, the attacker can gain control of the application's context and potentially escalate privileges on the Android device.
- The attacker can then access sensitive data, install malware, or perform other malicious activities.
Impact
Successful exploitation of CVE-2026-4755 can have significant repercussions. An attacker could potentially achieve remote code execution, gaining unauthorized access to sensitive data, or even compromising the entire Android device. Given the widespread use of Android-ImageMagick7, a successful exploit could impact a large number of users across various sectors. If the vulnerable application is a core system component, exploitation may result in complete device compromise.
Recommendation
- Upgrade Android-ImageMagick7 to version 7.1.2-11 or later to patch CVE-2026-4755.
- Monitor application logs for error messages related to image processing, which could indicate exploitation attempts. Deploy the Sigma rule "Detect Suspicious ImageMagick Error Messages" to identify potential exploitation attempts based on log patterns.
- Implement input validation and sanitization measures in applications that use Android-ImageMagick7 to mitigate the risk of exploitation, as the root cause is improper input validation (CWE-20).
Detection coverage 2
Detect Suspicious ImageMagick Error Messages
mediumDetects suspicious error messages in logs that may indicate exploitation attempts against Android-ImageMagick7
Detect Exploitation Attempts via HTTP requests
highDetects requests with filenames that might indicate code injection in Android-ImageMagick7
Detection queries are available on the platform. Get full rules →