CVE-2026-4755
MolotovCherry · Android-ImageMagick7
A critical improper input validation vulnerability (CWE-20) in MolotovCherry Android-ImageMagick7 can lead to severe system instability or unauthorized code execution.
Executive summary
Android applications using the MolotovCherry ImageMagick7 library are at critical risk due to improper input validation that could allow for system compromise.
Vulnerability
This vulnerability is classified as CWE-20 (Improper Input Validation). In the context of ImageMagick, this typically means the library fails to properly validate image metadata or file headers, which can be exploited when the library processes a maliciously crafted image file.
Business impact
The impact of this vulnerability is significant, as ImageMagick is often used to process user-uploaded content. An attacker could provide a specially crafted image that triggers the flaw, potentially leading to remote code execution or a denial-of-service (DoS) condition on the mobile device or server. The CVSS score of 9.8 indicates a critical threat level.
Remediation
Immediate Action: Update the Android-ImageMagick7 library to version 7.1.2-11 or later and redeploy any affected applications.
Proactive Monitoring: Monitor application crash reports for evidence of exploitation attempts, such as unusual memory corruption errors during image processing.
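As an added illustration of the crash-report monitoring recommended above (example code, not part of this advisory or of the Android-ImageMagick7 project), the following triage script scans Android native crash reports (tombstones) and flags those where a memory-fault signal fired while a frame from the image-processing library was on the stack. The library file name `libimagemagick.so`, the application package name and the crash reports themselves are constructed for illustration; the tombstone line layout follows Android's standard `signal N (SIGXXX)` and `#NN pc ADDR PATH` format.

```python
"""Triage Android tombstones for memory-corruption crashes inside the
image-processing library.  Added example; the library name and the sample
reports below are constructed, not taken from any real device."""
import re

# Signals that typically indicate memory corruption in native code.
MEMORY_FAULT_SIGNALS = {"SIGSEGV", "SIGBUS", "SIGABRT", "SIGILL"}

# Assumed (hypothetical) file name of the native image library on device.
IMAGE_LIB_MARKER = "libimagemagick"

SIGNAL_RE = re.compile(r"signal \d+ \((SIG[A-Z]+)\)")
FRAME_RE = re.compile(r"#\d{2} pc [0-9a-f]+\s+(\S+)")


def parse_tombstone(text):
    """Return (signal name or None, list of library paths in backtrace order)."""
    signal_name = None
    frames = []
    for line in text.splitlines():
        sig = SIGNAL_RE.search(line)
        if sig and signal_name is None:
            signal_name = sig.group(1)
        frame = FRAME_RE.search(line)
        if frame:
            frames.append(frame.group(1))
    return signal_name, frames


def is_suspicious(text, lib_marker=IMAGE_LIB_MARKER):
    """True if a memory-fault signal fired with an image-library frame on the
    stack.  This is a triage heuristic: such crashes warrant retrieving the
    input file that was being processed, not proof of exploitation."""
    signal_name, frames = parse_tombstone(text)
    if signal_name not in MEMORY_FAULT_SIGNALS:
        return False
    return any(lib_marker in frame.lower() for frame in frames)


def triage(reports):
    """Return the indices of reports that deserve analyst attention."""
    return [i for i, report in enumerate(reports) if is_suspicious(report)]


# --- constructed sample reports -------------------------------------------
CRASH_IN_IMAGE_LIB = """\
pid: 1234, tid: 1234, name: com.example.app  >>> com.example.app <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000018
backtrace:
    #00 pc 000000000012abcd  /data/app/com.example.app/lib/arm64/libimagemagick.so
    #01 pc 00000000000abcde  /data/app/com.example.app/lib/arm64/libimagemagick.so
    #02 pc 0000000000001234  /system/lib64/libc.so
"""

CRASH_IN_LIBC_ONLY = """\
pid: 2345, tid: 2345, name: com.example.app  >>> com.example.app <<<
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
backtrace:
    #00 pc 0000000000005678  /system/lib64/libc.so
    #01 pc 0000000000009abc  /system/lib64/libc.so
"""

JAVA_EXCEPTION = """\
FATAL EXCEPTION: main
java.lang.NullPointerException: Attempt to invoke virtual method on a null object
    at com.example.app.MainActivity.onCreate(MainActivity.java:42)
"""

if __name__ == "__main__":
    flagged = triage([CRASH_IN_IMAGE_LIB, CRASH_IN_LIBC_ONLY, JAVA_EXCEPTION])
    print("reports needing analyst review:", flagged)
```

In a real deployment the library marker would be set to whatever `.so` the application actually ships, and flagged reports would be joined with upload logs to recover the file that was being decoded when the crash occurred.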
Compensating Controls: Implement strict file type validation and consider using a sandbox environment to process user-uploaded images before they are handled by the primary application.
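The strict file type validation suggested as a compensating control can be implemented as an allowlist check on the file's leading bytes, so that the format handed to the image library is decided by the application rather than by whatever the upload claims to be. The following is an added example (not code from this advisory or from the Android-ImageMagick7 project); the size limit, the set of accepted formats and the sample byte strings are constructed for illustration.

```python
"""Allowlist-based validation of user-uploaded images before they reach an
image-processing library.  Added example; the accepted formats, size limit
and sample inputs are constructed for illustration."""
import os

# Magic-byte signatures of the formats we are willing to accept (allowlist).
SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Extensions the application accepts, mapped to the format each must contain.
EXTENSION_TO_FORMAT = {
    ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".webp": "webp",
}

MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # assumed policy value


class RejectedUpload(ValueError):
    """Raised when an upload fails validation."""


def sniff_format(data):
    """Identify the image format from leading bytes, or None if not allowed."""
    for fmt, sigs in SIGNATURES.items():
        if any(data.startswith(sig) for sig in sigs):
            return fmt
    # WebP: "RIFF", 4-byte chunk size, then "WEBP".
    if len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    return None


def validate_upload(filename, data):
    """Return the validated format name, or raise RejectedUpload.

    Both the declared extension and the actual content must be on the
    allowlist, and they must agree; anything else is rejected before the
    bytes are handed to the image library."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise RejectedUpload("file exceeds size limit")
    ext = os.path.splitext(filename)[1].lower()
    declared = EXTENSION_TO_FORMAT.get(ext)
    if declared is None:
        raise RejectedUpload(f"extension {ext!r} is not in the allowlist")
    actual = sniff_format(data)
    if actual is None:
        raise RejectedUpload("content does not match any allowed image format")
    if actual != declared:
        raise RejectedUpload(f"extension claims {declared} but content is {actual}")
    return actual


def is_accepted(filename, data):
    """Convenience wrapper: True if the upload passes validation."""
    try:
        validate_upload(filename, data)
        return True
    except RejectedUpload:
        return False


# --- constructed sample inputs (headers only, padded to look like files) ---
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 64
WEBP_SAMPLE = b"RIFF" + b"\x40\x00\x00\x00" + b"WEBP" + b"VP8 " + b"\x00" * 64
TEXT_SAMPLE = b"<?xml version=\"1.0\"?><doc/>"

if __name__ == "__main__":
    for name, blob in [("photo.png", PNG_SAMPLE), ("photo.png", JPEG_SAMPLE),
                       ("photo.png", TEXT_SAMPLE), ("anim.webp", WEBP_SAMPLE)]:
        print(name, "accepted" if is_accepted(name, blob) else "rejected")
```

Once the format is known, pass it to the image library explicitly (ImageMagick accepts an explicit format prefix such as `png:` on an input file name) so the decoder is chosen by the validated format rather than by content sniffing inside the library, and run that decode step in the sandboxed worker the advisory recommends rather than in the main application process.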
Exploitation status
Public Exploit Available: No
Analyst recommendation
Developers must update to the patched version of the library immediately. Furthermore, always follow the principle of least privilege when configuring the permissions of applications that use image-processing libraries.