The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do
not verify that their arguments correspond to a shmop resource, which allows
context-dependent attackers to read and write arbitrary memory locations via
arguments associated with an inappropriate resource, as demonstrated by a GD
Maps to MOPB-15-2007, and is mentioned in bug 230556, but is not explicitly
closed by any Errata (that I have found).
*** This bug has been marked as a duplicate of 240161 ***