free while unserializing untrusted data - CVE-2017-12932 - CVE-2017-12934 - Buffer over-read while unserializing untrusted data - CVE-2017-12933 - Out-of-bounds read for crafted JPEG data - CVE-2018-10549 59 Ref: https://www.tripwire.com/state-of-security/vert/fuzzing-php-for-fun-and-profit/