Babi discovered several buffer overflows in the LWRES dissector.
Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5
It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file.
Upgrade to Wireshark 1.2.6 or later.
And new version is in the tree. Arch teams, please, stabilize.
Stable for HPPA.
amd64 done too.
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15
through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to
cause a denial of service (crash) via a malformed packet, as
demonstrated using a stack-based buffer overflow to the
Sounds like an app crash to me.
GLSA vote: NO.