Hardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
dd4e3c70ff80ad927aae14623932b488a0e87be06018a88e926d95737511aa1d