CVE-2007-5849
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
Date published : 2007-12-19
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html