We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-48514



Description

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.

Reserved 2024-10-08 | Published 2024-10-24 | Updated 2024-12-19 | Assigner mitre

References

github.com/MaestroError/php-heic-to-jpg

github.com/marcoris/CVEs/tree/master/CVE-2024-48514

advisories.gitlab.com/...ror/php-heic-to-jpg/CVE-2024-48514/

github.com/advisories/GHSA-g8v9-c8m3-942v

cve.org (CVE-2024-48514)

nvd.nist.gov (CVE-2024-48514)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-48514

Support options

Helpdesk Chat, Email, Knowledgebase