CVE-2007-4767

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a p sequence, (2) a P sequence, or (3) a P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.

Date published : 2007-11-07

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html