GHSA-QV2Q-C278-PCH5: GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick

#security #cve #cybersecurity #ghsa

GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick

Vulnerability ID: GHSA-QV2Q-C278-PCH5
CVSS Score: 3.7
Published: 2026-05-21

ImageMagick and its .NET wrapper Magick.NET fail to generate unique Initialization Vectors (IVs) when using the PasskeyEncipherImage method with AES-CTR mode. The deterministic derivation of the IV relies solely on the passphrase and the image dimensions. This cryptographic flaw leads to nonce reuse, allowing an attacker to recover plain text pixel data via XOR operations on ciphertexts.

TL;DR

ImageMagick's encipher utility derives AES-CTR nonces deterministically from image dimensions and passwords, causing keystream reuse. Attackers can recover plaintext images by XORing multiple encrypted images of the same size.

Technical Details

CWE ID: CWE-323
Attack Vector: Network
CVSS Score: 3.7 (Low)
Impact: Confidentiality Loss
Exploit Status: Theoretical/PoC
KEV Status: Not Listed

Affected Systems

ImageMagick
Magick.NET
Magick.NET-Q16-AnyCPU: < 14.12.0 (Fixed in: 14.12.0)
Magick.NET-Q8-AnyCPU: < 14.12.0 (Fixed in: 14.12.0)

Mitigation Strategies

Upgrade Magick.NET to version 14.12.0 or newer.
Ensure a unique passphrase is used for every single image if using the encipher feature.
Migrate to standard, purpose-built cryptographic libraries (e.g., AES-GCM in standard libraries) for robust encryption rather than relying on image processor utilities.

Remediation Steps:

Identify all projects importing Magick.NET distributions (Q8, Q16, HDRI).
Update the NuGet package references to 14.12.0.
Review application source code for usage of PasskeyEncipherImage.
Replace ImageMagick encryption routines with dedicated file encryption mechanisms.