GHSA-g8v9-c8m3-942v

Suggest an improvement
Source
https://github.com/advisories/GHSA-g8v9-c8m3-942v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-g8v9-c8m3-942v/GHSA-g8v9-c8m3-942v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g8v9-c8m3-942v
Aliases
  • CVE-2024-48514
Published
2024-10-24T18:30:44Z
Modified
2024-10-24T22:29:10.783134Z
Summary
Remote code execution in php-heic-to-jpg
Details

php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.

References

Affected packages

Packagist / maestroerror/php-heic-to-jpg

Package

Name
maestroerror/php-heic-to-jpg
Purl
pkg:composer/maestroerror/php-heic-to-jpg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.5

Affected versions

v0.*

v0.1
v0.2
v0.3
v0.3.1
v0.3.2
v0.4.0

v1.*

v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4