What is the CVSS score of CVE-2026-33853?

CVE-2026-33853 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Android are affected by CVE-2026-33853?

CVE-2026-33853 presents moderate security risk, a null pointer dereference vulnerability rated CVSS 5.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Android CVE-2026-33853

EUVD-2026-14756 MEDIUM

NULL Pointer Dereference (CWE-476)

2026-03-24 GovTech CSG

GHSA-gjvg-qpv3-qmp6

Null Pointer Dereference Denial Of Service Google Android

5.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 24, 2026 - 06:15 euvd

EUVD-2026-14756

Analysis Generated

Mar 24, 2026 - 06:15 vuln.today

Patch released

Mar 24, 2026 - 06:15 nvd

Patch available

CVE Published

Mar 24, 2026 - 05:56 nvd

MEDIUM 5.5

DescriptionCVE.org

NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.

AnalysisAI

A NULL pointer dereference vulnerability exists in MolotovCherry Android-ImageMagick7 before version 7.1.2-10 that allows local attackers with user interaction to trigger a denial of service condition by crashing the application. The vulnerability affects the Android-ImageMagick7 library (CWE-476) and requires local access and user interaction to exploit, resulting in high availability impact but no confidentiality or integrity compromise. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 3.1 score of 5.5 (Medium) reflects a local attack vector with low complexity and no privilege requirement, but user interaction is required. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker crafts a malformed image file (PNG, JPEG, or other format) containing invalid data structures that trigger an unchecked null pointer dereference in Android-ImageMagick7's image parsing routines. When a user opens or processes this image file through an application using the vulnerable library, the NULL pointer dereference causes the application to crash, resulting in a denial of service. …
Remediation	Upgrade Android-ImageMagick7 to version 7.1.2-10 or later by pulling the patched code from https://github.com/MolotovCherry/Android-ImageMagick7/pull/183 and recompiling dependent applications. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33853 vulnerability details – vuln.today

Back

Android CVE-2026-33853

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code