New Vulnerability in PHP's extract() Function Allows Arbitrary Code Execution

A new report describes a vulnerability in the extract() function of PHP that allows attackers to trigger a double-free. This vulnerability can then enable the execution of arbitrary code (native code).