CVE-2026-33852 PUBLISHED

Missing Release of Memory after Effective Lifetime in MolotovCherry Android-ImageMagick7

Assigner: GovTech CSG
Reserved: 24.03.2026 Published: 24.03.2026 Updated: 24.03.2026

Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	MolotovCherry
Product	Android-ImageMagick7
Versions	Default: affected affected from 0 to 7.1.2-11 (excl.)

Credits

TITAN Team (titancaproject@gmail.com) reporter

References

https://github.com/MolotovCherry/Android-ImageMagick7/pull/191

Problem Types

CWE-401 Missing Release of Memory after Effective Lifetime CWE