source: https://www.securityfocus.com/bid/46429/info PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. An attacker can exploit this issue to cause an appliation written in PHP to crash, denying service to legitimate users. PHP 5.3.5 is vulnerable; other versions may also be affected. The following proof-of-concept is available: grapheme_extract('a',-1);