Description
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Remediation
References