A use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.
4fd5caf7c4dcacd754676a3cbc4212c2832b480514c1f218168a70d4dc9d6079