MDVSA-2009:021 -- Mandriva php

ID: oval:org.secpod.oval:def:300742
Date: (C)2012-01-07 (M)2023-02-20
Class: PATCH
Family: unix




A buffer overflow in the imageloadfont function in PHP allowed context-dependent attackers to cause a denial of service and potentially execute arbitrary code via a crafted font file. A buffer overflow in the memnstr function allowed context-dependent attackers to cause a denial of service and potentially execute arbitrary code via the delimiter argument to the explode function. PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service via a request with multiple dots preceding the extension. An array index error in the imageRotate function in PHP allowed context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument to the function for an indexed image. The updated packages have been patched to correct these issues.

Platform:
Mandriva Linux 2009.0
Mandriva Linux 2008.1
Product:
php
Reference:
MDVSA-2009:021
CVE-2008-5498
CVE-2008-3660
CVE-2008-3659
CVE-2008-3658
CPE:
cpe:/o:mandriva:linux:2008.1
cpe:/o:mandriva:linux:2009.0

© SecPod Technologies