Remote code execution in php-heic-to-jpg

High severity • GitHub Reviewed • Published Oct 24, 2024 to the GitHub Advisory Database • Updated Oct 24, 2024

Package

maestroerror/php-heic-to-jpg (Composer)

Affected versions

< 1.0.5

Patched versions

1.0.5

Description

php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload HEIC images can execute code on the remote server via the file name. As a result, confidentiality, integrity and availability (CIA) are no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.
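
Alongside upgrading to the patched version, an application that accepts HEIC uploads can keep the client-supplied file name away from the conversion step altogether. The sketch below is an added example, not code from the advisory or from php-heic-to-jpg; the function names and the staging directory are hypothetical, and it assumes the application controls how uploads are stored before conversion.

```php
<?php
declare(strict_types=1);

// Brands that may appear in the ISO-BMFF "ftyp" box of a HEIF/HEIC file.
const HEIC_BRANDS = ['heic', 'heix', 'hevc', 'hevx', 'mif1', 'msf1'];

// True when the first 12 bytes look like a HEIF container: box type "ftyp"
// at offset 4, followed by an allowed major brand at offset 8.
function looks_like_heic(string $head): bool
{
    return strlen($head) >= 12
        && substr($head, 4, 4) === 'ftyp'
        && in_array(substr($head, 8, 4), HEIC_BRANDS, true);
}

// Server-chosen staging path: 32 hex characters plus a fixed extension.
// The client-supplied name is never consulted.
function staging_path(string $dir): string
{
    return rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.heic';
}

// Validate one $_FILES entry and move it to a server-named path, which is
// the only path later handed to the converter.
function stage_heic_upload(array $file, string $dir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $head = (string) file_get_contents($file['tmp_name'], false, null, 0, 12);
    if (!looks_like_heic($head)) {
        throw new RuntimeException('not a HEIC file');
    }
    $dest = staging_path($dir);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}

// Constructed sample data, run from the CLI only.
if (PHP_SAPI === 'cli') {
    $head = "\x00\x00\x00\x18ftypheic";           // constructed 12-byte header
    var_dump(looks_like_heic($head));              // HEIF container, brand "heic"
    var_dump(looks_like_heic('GIF89a......'));     // constructed non-HEIF header
    echo staging_path('/var/spool/heic'), "\n";    // hypothetical directory
}
```

If the original name is needed for display, store it as data next to the generated name and never use it as a path or as part of a command.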

References

Published by the National Vulnerability Database Oct 24, 2024
Published to the GitHub Advisory Database Oct 24, 2024
Reviewed Oct 24, 2024
Last updated Oct 24, 2024

Severity

High

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-48514

GHSA ID

GHSA-g8v9-c8m3-942v