Launchpad.net

CVE 2016-1000006

hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.

See the CVE page on Mitre.org for more details.