Fluid Attacks Database

Description

ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q8-openmp-x64	>=0 <14.12.0	14.12.0
nuget	magick.net-q8-x64	>=0 <14.12.0	14.12.0
nuget	magick.net-q8-x86	>=0 <14.12.0	14.12.0
nuget	magick.net-q8-anycpu	>=0 <14.12.0	14.12.0
nuget	magick.net-q8-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-anycpu	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-anycpu	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-x64	>=0 <14.12.0	14.12.0

1-10 of 17

Aliases

1. GHSA-qv2q-c278-pch52. GCVE-GHSA-qv2q-c278-pch5

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch52. https://imagemagick.org/cipher