Listen to this Post
The CVE arises from a flaw in the `PasskeyEncipherImage` method of ImageMagick (affecting its .NET wrappers via Magick.NET). ImageMagick scrambles only an image’s pixels to conceal its content, leaving metadata untouched. To perform this scrambling, it uses the AES cipher in Counter (CTR) mode, a stream cipher that XORs a keystream with plaintext. The keystream is generated by encrypting successive counter values with a cipher key, with each keystream block requiring a unique nonce (initial counter value). If the same (key, nonce) pair is ever reused, the XOR of two ciphertexts cancels out the keystream, revealing the XOR of the two plaintexts. An attacker who captures multiple images enciphered with the same passphrase can therefore derive the original pixel data without knowing the passphrase. ImageMagick derives the nonce from the first half of the user-provided passphrase and the cipher key from the second half. If the same passphrase is ever reused—even with completely different images—the same (key, nonce) pair is reused, violating the fundamental security requirement of AES-CTR. The vendor has updated its documentation to emphasize that a fresh passphrase must be used for each enciphered image, implying that earlier versions did not adequately warn users of this critical requirement, leading to the information‑disclosure vulnerability.
dailycve form:
Platform: Magick.NET
Version: < 14.12.0
Vulnerability: Nonce reuse
Severity: Low
date: May 21, 2026
Prediction: May 21, 2026
Analytics under heading What Undercode Say:
Determine the version of Magick.NET installed dotnet list package --include-transitive | grep Magick.NET Encipher an image using a passphrase (vulnerable behavior if passphrase is reused) magick input.png -encipher passphrase.txt output.png Decipher an image to verify correctness magick output.png -decipher passphrase.txt restored.png Python snippet to demonstrate the risk of nonce reuse in AES-CTR from Crypto.Cipher import AES import os key = os.urandom(32) static key nonce = os.urandom(8) static nonce (!! dangerous) cipher1 = AES.new(key, AES.MODE_CTR, nonce=nonce) cipher2 = AES.new(key, AES.MODE_CTR, nonce=nonce) plain1 = b"Secret pixel data A" plain2 = b"Secret pixel data B" ciphertext1 = cipher1.encrypt(plain1) ciphertext2 = cipher2.encrypt(plain2) XOR of ciphertexts equals XOR of plaintexts xor_cipher = bytes(a ^ b for a, b in zip(ciphertext1, ciphertext2)) xor_plain = bytes(a ^ b for a, b in zip(plain1, plain2)) assert xor_cipher == xor_plain
Exploit:
- Identify a target application that uses Magick.NET (version < 14.12.0) to encipher multiple images with the same passphrase.
- Capture at least two enciphered images that were produced with the same passphrase.
- Because the same (key, nonce) pair was reused, XOR the pixel streams of the two ciphertexts.
- The resulting XOR directly gives the XOR of the two plaintext pixel streams.
- If one of the plaintext images is known (e.g., a standard test pattern or a previously leaked image), the other plaintext can be recovered by XORing the known plaintext with the XOR of the two ciphertexts.
- If no plaintext is known, statistical analysis can often extract meaningful pixel data, as pixel values have low entropy.
Protection from this CVE:
- Upgrade to Magick.NET version 14.12.0 or later.
- If an immediate upgrade is not possible, ensure that a unique, cryptographically random passphrase is used for every enciphered image. Never reuse a passphrase.
- As a defense in depth, store passphrases in a secure key‑management system and rotate them frequently.
- Monitor logs for repeated use of the same passphrase fingerprint.
- When writing code, use the `-encipher` option with a fresh passphrase file for each operation, and delete the passphrase immediately after use.
Impact:
Successful exploitation allows an attacker to recover the original pixel content of enciphered images without possessing the passphrase. The attacker must have access to at least two images that were enciphered with the same passphrase. Impact is limited to information disclosure – the confidentiality of the image pixels is lost. Image metadata (e.g., EXIF, timestamps) is never scrambled and remains readable even without exploitation, which can further aid an attacker in contextualizing leaked images.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

