Fileinfo and php_parserr() buffer overflows. GD poisoned NULL byte vulnerability.
vulners.com/securityvulns/securityvulns:doc:31078