PT-2024-33130 · Unknown · Php-Heic-To-Jpg
Marco Ris
·
Published
2024-10-24
·
Updated
2024-12-19
·
CVE-2024-48514
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
php-heic-to-jpg versions 1.0.5 and below
Description
The issue allows an attacker who can upload heic images to execute code on the remote server via the file name, resulting in a loss of confidentiality, integrity, and availability.
Recommendations
For versions 1.0.5 and below, update to version 1.0.6 or later to resolve the issue.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php-Heic-To-Jpg