CVE-2026-56369

Summary

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

Affected Software

VendorProductVersion RangeStatus
ImageMagickImageMagick0 < 7.1.2-22affected
ImageMagickImageMagick7.1.2-22unaffected
ImageMagickImageMagick0 < 6.9.13-47affected
ImageMagickImageMagick6.9.13-47unaffected

Weaknesses

  • CWE-323: Reusing a Nonce, Key Pair in Encryption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References