Description
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)
WordPress Plugin Gravity Forms Constant Contact Cross-Site Scripting (1.0.5)
WordPress Plugin WP Google Review Slider SQL Injection (6.1)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)