Executive Summary

CVE-2026-4755 is a remote code execution vulnerability in the OpenBlob function of a cloned version of ImageMagick used in the MolotovCherry Android-ImageMagick7 project. The issue arises because the cloned code did not receive a critical security patch that was applied to the original ImageMagick repository. This flaw allows an attacker to execute arbitrary shell commands via the OpenBlob function when ImageMagick is configured with the --enable-pipes option.

The vulnerability is caused by improper input validation (CWE-20) leading to shell command injection. A security patch from the original ImageMagick repository was backported to fix this issue in the cloned codebase, eliminating the risk of remote code execution.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to remotely execute arbitrary shell commands on the affected system without any privileges or user interaction. This can lead to full system compromise, data theft, data corruption, or disruption of services.

Because the vulnerability affects a widely used image processing library in an Android project, any application or system using the vulnerable version before 7.1.2-11 could be exploited remotely, potentially leading to unauthorized access and control over the device or server.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a remote code execution issue in the OpenBlob function of the MolotovCherry Android-ImageMagick7 project before version 7.1.2-11, caused by shell command injection when configured with the --enable-pipes option.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you should first identify if you are running a version of Android-ImageMagick7 prior to 7.1.2-11.'}, {'type': 'paragraph', 'content': 'You can check the version of the installed ImageMagick library or the MolotovCherry Android-ImageMagick7 package by running commands such as:'}, {'type': 'list_item', 'content': 'For checking ImageMagick version: `convert --version` or `magick --version`'}, {'type': 'list_item', 'content': 'For checking package version on Android or Linux systems: `dpkg -l | grep android-imagemagick7` or `rpm -qa | grep android-imagemagick7`'}, {'type': 'paragraph', 'content': "Additionally, monitoring logs for suspicious shell command executions or unexpected behavior related to ImageMagick's OpenBlob function could help detect exploitation attempts."}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to update the MolotovCherry Android-ImageMagick7 package to version 7.1.2-11 or later, which includes the security patch that fixes the shell command injection vulnerability in the OpenBlob function.

If an immediate update is not possible, consider disabling or avoiding the use of the --enable-pipes option in ImageMagick configurations, as this option is related to the vulnerability.

Also, restrict access to the vulnerable service or application to trusted users and networks to reduce the risk of exploitation.

Monitor system logs for any suspicious activity related to ImageMagick usage and consider applying any available vendor or community patches that backport the fix.

Useful 0 Not Useful 0