Remote code execution in php-heic-to-jpg
High severity
GitHub Reviewed
Published
Oct 24, 2024
to the GitHub Advisory Database
•
Updated Dec 19, 2024
Description
Published by the National Vulnerability Database
Oct 24, 2024
Published to the GitHub Advisory Database
Oct 24, 2024
Reviewed
Oct 24, 2024
Last updated
Dec 19, 2024
php-heic-to-jpg < 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5.
References