CVE-2010-4409
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
Date published : 2010-12-06
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html