GHSA-qv2q-c278-pch5LowCVSS 3.7Disclosed before NVD

ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse

Published
May 21, 2026
Last Modified
May 21, 2026

📋 Description

The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/

🎯 Affected products17

  • nuget/Magick.NET-Q16-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-x64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-x86:< 14.12.0
  • nuget/Magick.NET-Q16-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q16-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-x64:< 14.12.0
  • nuget/Magick.NET-Q16-x86:< 14.12.0
  • nuget/Magick.NET-Q8-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q8-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q8-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q8-arm64:< 14.12.0
  • nuget/Magick.NET-Q8-x64:< 14.12.0
  • nuget/Magick.NET-Q8-x86:< 14.12.0

🔗 References (3)