Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously crafted image file. The vulnerabilities reside in(HipHop Virtual Machine a high-performance, open source virtual machine developed by Facebook for executing programs written in PHP and Hack programming languages. Both issues may also impact other websites that use HHVM, including Wikipedia, Box and especially those which allow their users to upload images on the server.
Source: https://thehackernews.com/2019/09/facebook-hhvm-vulnerability.html