CVE-2026-33856
Received - Intake
Use-After-Free Memory Vulnerability in Android-ImageMagick7 Before

Publication date: 2026-03-24

Last updated on: 2026-03-26

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11.
Meta Information
Published: 2026-03-24
Last Modified: 2026-03-26
Generated: 2026-05-07
AI Q&A: 2026-03-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: molotovcherry
Product: android-imagemagick7
Version / Range: to 7.1.2-11 (exc)
CWE-401: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a missing release of memory issue in the Android-ImageMagick7 project, specifically in a cloned function from the libxml2 library called xmlParseBalancedChunkMemoryRecover().

The problem occurs because the cloned function did not receive an important security patch that was applied upstream in the original libxml2 code. Under certain conditions, such as when the doc parameter is NULL, a namespace is created and bound to a variable; the document is later freed without this namespace being released, which leaks the memory.

This memory leak can lead to resource exhaustion or instability in the affected software. The issue was fixed by applying the patch from the original libxml2 repository to Android-ImageMagick7.
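
The ownership mistake described above, reduced to a self-contained model (an added example, not code from libxml2 or Android-ImageMagick7). The types, the `oldNs` field, the detach step and the allocation counter are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model (not libxml2 code): a document owns a namespace list. */
typedef struct Ns { struct Ns *next; } Ns;
typedef struct Doc { Ns *oldNs; } Doc;
static int live_allocs = 0; /* stands in for a leak checker */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }
/* Freeing a document releases every namespace still reachable from it. */
static void free_doc(Doc *d) {
    if (!d) return;
    for (Ns *ns = d->oldNs; ns; ) { Ns *next = ns->next; track_free(ns); ns = next; }
    track_free(d);
}

/* doc may be NULL; chunk parsing itself is omitted, only ownership is modelled.
   fixed=0 models the unpatched clone, fixed=1 the patched one. */
static int parse_chunk(Doc *doc, int fixed) {
    Doc *tmp = track_alloc(sizeof *tmp);
    if (!tmp) return -1;
    if (doc != NULL) {
        tmp->oldNs = doc->oldNs;              /* borrowed from the caller's document */
    } else {
        tmp->oldNs = track_alloc(sizeof(Ns)); /* created here, owned by tmp */
        if (!tmp->oldNs) { free_doc(tmp); return -1; }
    }
    if (!fixed || doc != NULL)
        tmp->oldNs = NULL; /* detach; the unpatched path does this even when tmp owns it */
    free_doc(tmp);
    return 0;
}
/* Allocations left behind by one call; with_doc selects NULL or a caller-supplied doc. */
int leaked_after_call(int with_doc, int fixed) {
    Doc *doc = NULL;
    if (with_doc) {
        doc = track_alloc(sizeof *doc);
        if (!doc) return -1;
        doc->oldNs = track_alloc(sizeof(Ns));
    }
    int before = live_allocs;
    parse_chunk(doc, fixed);
    int leaked = live_allocs - before;
    free_doc(doc);
    return leaked;
}

int main(void) {
    printf("doc=NULL leaked: unpatched=%d patched=%d\n", leaked_after_call(0, 0), leaked_after_call(0, 1));
    return 0;
}
```

In this model each unpatched call with a NULL document strands one allocation, so repeated calls grow memory steadily, which is the availability impact the record describes.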


How can this vulnerability impact me?

This vulnerability can impact you by causing a memory leak in the Android-ImageMagick7 software, which may lead to increased memory usage and potential denial of service due to resource exhaustion.

Since the CVSS score rates the impact on availability as high (A:H) but no impact on confidentiality or integrity, the main risk is that the affected system or application could become unstable or crash, disrupting normal operations.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability relates to a missing release of memory in the function xmlParseBalancedChunkMemoryRecover() within the Android-ImageMagick7 project. Detection would involve identifying the presence of the vulnerable version of Android-ImageMagick7 (before 7.1.2-11) on your system.

You can check the installed version of Android-ImageMagick7 by running commands that query the package version or inspecting the binary version information.

  • For Linux-based systems, use: `dpkg -l | grep android-imagemagick7` or `rpm -qa | grep android-imagemagick7`
  • If the software is built from source or embedded, check the version string with: `android-imagemagick7 --version` or a similar command.

Since this vulnerability is a memory leak triggered by specific XML parsing code, network detection is not straightforward. Monitoring for unusual memory usage or crashes in processes using Android-ImageMagick7 might help indicate exploitation attempts.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update Android-ImageMagick7 to version 7.1.2-11 or later, where the vulnerability has been fixed by applying the security patch from the original libxml2 project.

If updating is not immediately possible, consider restricting or monitoring the use of XML parsing features in Android-ImageMagick7 to reduce exposure.

Additionally, monitor system memory usage and application stability to detect potential exploitation attempts.

