ImageMagick <7.1.2-22: PasskeyEncipherImage AES-CTR Nonce Reuse Disclosure
CVE-2026-56369 Published on June 30, 2026
ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.
Vulnerability Analysis
CVE-2026-56369 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
Products Associated with CVE-2026-56369
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.
Affected Versions
ImageMagick:- Before 7.1.2-22 is affected.
- Version 7.1.2-22 is unaffected.
- Before 6.9.13-47 is affected.
- Version 6.9.13-47 is unaffected.