Skip to main content

ImageMagick EUVDEUVD-2026-40449

| CVE-2026-56369 MEDIUM
Reusing a Nonce, Key Pair in Encryption (CWE-323)
2026-06-30 VulnCheck GHSA-vgqj-4jhr-3wh5
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.7 LOW

Network vector because encrypted images traverse networks; AC:H for required same-nonce ciphertext collection; PR:N since no authentication to ImageMagick itself is needed; C:L for partial plaintext recovery only.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 02:16 EUVD
Analysis Generated
Jun 30, 2026 - 23:33 vuln.today

DescriptionCVE.org

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

AnalysisAI

Nonce reuse in ImageMagick's AES-CTR cipher implementation exposes encrypted image plaintext to recovery attacks. The PasskeyEncipherImage method in ImageMagick before 7.1.2-22 reuses nonces when performing AES in Counter mode, violating the fundamental security requirement that a nonce be used exactly once per key. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify target using PasskeyEncipherImage
Delivery
Collect two or more encrypted image files
Exploit
Confirm shared (key, nonce) context
Execution
XOR ciphertext blobs to cancel keystream
Impact
Recover plaintext image content

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target deployment actively use ImageMagick's PasskeyEncipherImage feature to encrypt image files - organizations that do not invoke this specific method are not exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.3 reflects a meaningful but bounded risk: AV:N indicates the attack is network-reachable (encrypted images can traverse networks), AC:H signals high attack complexity, and AT:P confirms that specific preconditions must be met beyond the attacker's direct control. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can collect two or more image files encrypted with ImageMagick's PasskeyEncipherImage using the same passkey and nonce - for example, by monitoring a file-sharing endpoint, cloud storage bucket, or backup pipeline - XORs the raw ciphertext blobs to obtain the XOR of the two plaintexts. Using standard image-structure knowledge (e.g., predictable headers, color patterns, or repeated regions), the attacker reconstructs one or both original images. …
Remediation Upgrade ImageMagick to version 7.1.2-22 or later, which resolves the AES-CTR nonce reuse in PasskeyEncipherImage. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-23876 CRITICAL POC
9.8 Jan 20

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d

CVE-2025-53015 HIGH POC
7.5 Jul 14

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops

CVE-2025-53101 HIGH POC
7.4 Jul 14

A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is availa

CVE-2026-23952 MEDIUM POC
6.5 Jan 22

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer

CVE-2026-25968 CRITICAL
9.8 Feb 24

Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory

CVE-2026-23874 MEDIUM POC
5.5 Jan 20

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

CVE-2026-25794 HIGH
8.2 Feb 24

Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplyi

CVE-2026-28693 HIGH
8.1 Mar 10

High severity vulnerability in ImageMagick. An integer overflow in DIB coder can result in out of bounds read or write

CVE-2026-30929 HIGH
7.7 Mar 10

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it

CVE-2026-49218 HIGH
7.5

Denial of service in ImageMagick affects Alpine Linux package versions prior to 7.1.2.24-r0, where improper input valida

CVE-2026-25989 HIGH
7.5 Feb 24

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service when processing maliciously cra

CVE-2026-25985 HIGH
7.5 Feb 24

Imagemagick versions up to 7.1.2-15 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Share

EUVD-2026-40449 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy