CVE-2009-1271
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
Date published : 2009-04-08
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html