CVE Vulnerabilities

CVE-2026-56369

Reusing a Nonce, Key Pair in Encryption

Published: Jun 30, 2026 | Modified: Jul 02, 2026
CVSS 3.x
N/A
Source: NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

Weakness

Nonces should be used for the present occasion and only once.
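
Why reusing a key and nonce in AES-CTR discloses plaintext, shown as an added Go example that is not ImageMagick's code and not part of the original advisory. It demonstrates the general CTR property rather than the PasskeyEncipherImage implementation; all function names and sample data are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randomBytes returns n bytes from the OS CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ctrEncrypt encrypts msg with AES-256-CTR under key and a 16-byte initial counter block.
func ctrEncrypt(key, nonce, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(msg))
	cipher.NewCTR(block, nonce).XORKeyStream(out, msg)
	return out
}

// keystreamCancels reports whether c1 XOR c2 == p1 XOR p2 for two messages under one key.
func keystreamCancels(reuseNonce bool) bool {
	key, n1, n2 := randomBytes(32), randomBytes(16), randomBytes(16)
	if reuseNonce {
		n2 = n1 // the flaw: the same key and nonce encrypt both messages
	}
	p1 := []byte("constructed image A: 0000111100001111") // constructed sample data
	p2 := []byte("constructed image B: 1111000011110000") // constructed sample data
	c1, c2 := ctrEncrypt(key, n1, p1), ctrEncrypt(key, n2, p2)
	for i := range p1 {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

func main() {
	fmt.Println(keystreamCancels(true), keystreamCancels(false))
}
```

With a reused nonce both messages are XORed with the same keystream, so it cancels out of the ciphertext pair; with a fresh nonce per message the relation no longer holds.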

Affected Software

Name | Vendor | Start Version | End Version
Imagemagick | Imagemagick | * | 6.9.13-47 (excluding)
Imagemagick | Imagemagick | 7.0.0-0 (including) | 7.1.2-22 (excluding)
Imagemagick | Ubuntu | upstream | *

Potential Mitigations

References