Information Disclosure Vulnerability in ImageMagick by ImageMagick
CVE-2026-56369
6.3MEDIUM
What is CVE-2026-56369?
An information disclosure vulnerability exists in ImageMagick due to the reuse of the AES-CTR nonce in the PasskeyEncipherImage method. This flaw allows attackers to exploit the underlying cipher implementation, potentially recovering plaintext data from encrypted images. The vulnerability affects versions of ImageMagick prior to 7.1.2-22, highlighting the importance of version upgrades to mitigate security risks.
Affected Version(s)
ImageMagick 0 < 7.1.2-22
ImageMagick 0 < 6.9.13-47
ImageMagick 7.1.2-22