Information Disclosure Vulnerability in ImageMagick by ImageMagick
CVE-2026-56369

6.3MEDIUM

Key Information:

Vendor
CVE Published:
30 June 2026

What is CVE-2026-56369?

An information disclosure vulnerability exists in ImageMagick due to the reuse of the AES-CTR nonce in the PasskeyEncipherImage method. This flaw allows attackers to exploit the underlying cipher implementation, potentially recovering plaintext data from encrypted images. The vulnerability affects versions of ImageMagick prior to 7.1.2-22, highlighting the importance of version upgrades to mitigate security risks.

Affected Version(s)

ImageMagick 0 < 7.1.2-22

ImageMagick 0 < 6.9.13-47

ImageMagick 7.1.2-22

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

007bsd
LuiginoC
.