A security update has been released for all supported HHVM versions. Please update to one of the following versions to get the update:
- 4.21.0 (new version being released today)
This security update addresses a possible memory overflow in the GD extension when a carefully constructed invalid JPEG input is passed in.
More information can be found in the respective CVEs: