PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. https://nvd.nist.gov/vuln/detail/CVE-2017-9118