Description
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Remediation
References
Related Vulnerabilities
WordPress Plugin VK Gallery TimThumb Arbitrary File Upload (1.1.0)
Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)
Joomla! Core 3.x.x Multiple Vulnerabilities (3.7.0 - 3.8.3)
WordPress Other Vulnerability (CVE-2007-0107)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10202)