PHP Use After Free Vulnerability - CVE-2019-9020

An issue was discovered in PHP before 5.6.40 7.x before 7.1.26 7.2.x before 7.2.14 and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.