Android-ImageMagick7 Out-of-Bounds Write Vulnerability (CVE-2026-33854)
An unauthenticated, remote attacker can exploit an out-of-bounds write vulnerability (CVE-2026-33854) in MolotovCherry Android-ImageMagick7 versions before 7.1.2-10 by enticing a user to open a malicious image, potentially leading to arbitrary code execution.
CVE-2026-33854 is an out-of-bounds write vulnerability affecting MolotovCherry Android-ImageMagick7 versions prior to 7.1.2-10. This vulnerability stems from improper bounds checking within the image processing logic. The Government Technology Agency of Singapore Cyber Security Group (GovTech CSG) reported this vulnerability. Successful exploitation could lead to a denial of service, information disclosure, or potentially arbitrary code execution on the affected device. Due to the widespread…
Detection coverage 2
Detect ImageMagick Image Processing via HTTP
highDetects requests to ImageMagick processing endpoints that could be indicative of exploitation attempts.
Detect pull request to Android-ImageMagick7 repo
lowDetects network requests to the specific pull request associated with the vulnerability fix, potentially indicating reconnaissance.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1