A use-after-free vulnerability was discovered in unserialize() with SPL ArrayObject object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
bdc3dd33954af63076460ec415aa1687a2a7bb0690e51d14cc41bd321bce45d0