The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4221)