VYPR
Critical severity9.8GHSA Advisory· Published Oct 24, 2024· Updated Apr 15, 2026

CVE-2024-48514

CVE-2024-48514

Description

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
maestroerror/php-heic-to-jpgPackagist
< 1.0.51.0.5

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.