For a long time, Old Faithful felt secure. After all, 5.6.40 was a "security release." It had been patched to fix multiple vulnerabilities that plagued earlier 5.6.x versions, including integer underflow, buffer overflows, and out-of-bounds read errors. It was the fortress built to withstand the dying days of an era.
Improper memory operations in PHAR reading functions could allow an attacker to disclose sensitive information by persuading a user to parse a crafted filename.