source: https://www.securityfocus.com/bid/46429/info

PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

An attacker can exploit this issue to cause an appliation written in PHP to crash, denying service to legitimate users.

PHP 5.3.5 is vulnerable; other versions may also be affected. 

The following proof-of-concept is available:

grapheme_extract('a',-1);