poppler could be made to crash if it opened a specially craftedfile.
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution.
Clement Lecigne discovered a use-after-free issue in chromium’s file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF extension had multiple cases of invalid memory access and rename() was implemented insecurely.
Security fix for CVE-2018-15587