VUL-0: icu: out of bounds access

VUL-1: icu unum_setSymbol/unum_getSymbol crash

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.