A security update has been released for all supported HHVM versions. Please update to one of the following versions to make sure you’re secure:

  • 4.24.0
  • 4.23.1
  • 4.22.1
  • 4.21.1
  • 4.20.3
  • 4.19.2
  • 4.18.3
  • 4.8.5
  • 3.30.11

This security update addresses a possible memory overflow in the number_format() function.

More information can be found in the respective CVE: