A vulnerability in multiple dissector components of Wireshark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to improper handling of malformed packets by the affected software. An attacker could exploit this vulnerability by injecting a malformed packet into a network to be processed by the affected application or by convincing a targeted user to open a malicious packet trace file. A successful exploit could cause the Licklider Transmission Protocol (LTP) dissector or other dissector components to consume excessive amounts of memory resources, causing the software to crash and resulting in a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Wireshark has confirmed the vulnerability and released software updates.