Critical severity9.8NVD Advisory· Published Oct 24, 2024· Updated Apr 15, 2026
CVE-2024-48514
CVE-2024-48514
Description
php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
maestroerror/php-heic-to-jpgPackagist | < 1.0.5 | 1.0.5 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-g8v9-c8m3-942vnvdADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-48514ghsaADVISORY
- advisories.gitlab.com/pkg/composer/maestroerror/php-heic-to-jpg/CVE-2024-48514ghsaWEB
- github.com/MaestroError/php-heic-to-jpg/pull/34ghsaWEB
- github.com/marcoris/CVEs/tree/master/CVE-2024-48514nvdWEB
- advisories.gitlab.com/pkg/composer/maestroerror/php-heic-to-jpg/CVE-2024-48514/nvd
News mentions
0No linked articles in our index yet.