ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.
Nonces should be used for the present occasion and only once.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imagemagick | Imagemagick | * | 6.9.13-47 (excluding) |
| Imagemagick | Imagemagick | 7.0.0-0 (including) | 7.1.2-22 (excluding) |
| Imagemagick | Ubuntu | upstream | * |