PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
[
{
"product": "php5",
"vendor": "php5",
"versions": [
{
"status": "affected",
"version": "before 5.4.4"
}
]
}
]