CVE-2008-4217
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
Date published : 2008-12-16
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html