This is an improper input validation (CWE-20) vulnerability in the open-source Android-ImageMagick7 library. The flaw allows attackers to pass unvalidated malicious input to vulnerable versions of the library. It has a CVSS v3 score of 9.8, making it a critical risk for applications that use this library to process untrusted image files.
Remediation
Update Android-ImageMagick7 to version 7.1.2-11 or later to address this vulnerability. Verify the integrity of the updated library before deploying it to production applications. Scan applications that use this library for any signs of compromise after patching.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.