Statement on glibc/iconv Vulnerability
Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set affects PHP.
Read our full statement at https://php.net/archive/2024.php#2024-04-24-1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1