PHP Use of Externally-Controlled Format String Vulnerability - CVE-2011-1153

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory cause a denial of service (memory corruption) or possibly execute arbitrary code via format string specifiers in an argument to a class method leading to an incorrect zend_throw_exception_ex call.