Laurent Butti

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.x through 1.10.3 **Description** The issue exists in the BSSGP dissector due to incorrect handling of global variables. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted packet. **Recommendations** For Wireshark versions 1.10.x through 1.10.3, update to version 1.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.x through 1.8.11 Wireshark versions 1.10.x through 1.10.3 **Description** The issue is related to multiple buffer overflows in the create ntlmssp v2 key function in the NTLMSSP v2 dissector. This can be exploited by remote attackers to cause a denial of service, specifically an application crash, by sending a packet with a long domain name. **Recommendations** For Wireshark versions 1.8.x through 1.8.11, update to version 1.8.12 or later. For Wireshark versions 1.10.x through 1.10.3, update to version 1.10.4 or later.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 2.1 **Description** The issue allows remote attackers to cause a denial of service or possibly have other impacts via crafted JPEG2000 data in the libavcodec/jpeg2000.c file. **Recommendations** For versions prior to 2.1, update to version 2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 2.0.1 **Description** The issue is related to the av reallocp array function in libavutil/mem.c, which has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.0 through 1.10.1 **Description** The issue is related to the Bluetooth HCI ACL dissector, which does not properly maintain a certain free list. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted packet that is not properly handled by the `wmem block alloc` function in `epan/wmem/wmem allocator block.c`. **Recommendations** For Wireshark versions 1.10.0 through 1.10.1, update to version 1.10.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** VLC Media Player versions prior to 2.0.8 **Description** The issue is related to a buffer overflow in the mp4a packetizer, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code. The buffer overflow occurs in the dynamic memory of the mp4a packetizer. **Recommendations** For versions prior to 2.0.8, update to version 2.0.8 or later to resolve the issue. As a temporary workaround, consider disabling the mp4a packetizer function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.x prior to 1.10.1 **Description** The issue is related to a double free vulnerability in the dissect dcom ActivationProperties function in the DCOM ISystemActivator dissector. This vulnerability allows remote attackers to cause a denial of service, resulting in an application crash, by sending a crafted packet. **Recommendations** For Wireshark versions 1.10.x prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the DCOM ISystemActivator dissector to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.0 through 1.10.1 **Description** The issue is caused by an off-by-one error in the dissect radiotap function in the Radiotap dissector. This error allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted packet. **Recommendations** For Wireshark versions 1.10.0 through 1.10.1, update to version 1.10.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.x through 1.8.7 **Description** The issue is related to the RDP dissector in Wireshark, where it fails to validate return values during checks for data availability. This can be exploited by remote attackers to cause a denial of service, resulting in an application crash, via a crafted packet. **Recommendations** For Wireshark versions 1.8.x through 1.8.7, update to version 1.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.15 Wireshark versions 1.8.x through 1.8.7 **Description** The issue is related to the dissect capwap data function in the CAPWAP dissector, which incorrectly handles a -1 data value to represent an error condition. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.15, update to version 1.6.16 or later. For Wireshark versions 1.8.x through 1.8.7, update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.x through 1.8.8 Wireshark versions 1.10.x through 1.10.0 **Description** The issue is related to the dissect dvbci tpdu hdr function in the DVB-CI dissector, which does not validate a certain length value before decrementing it. This allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit, via a crafted packet. **Recommendations** For Wireshark versions 1.8.x through 1.8.8, update to version 1.8.9 or later. For Wireshark versions 1.10.x through 1.10.0, update to version 1.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.x through 1.8.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, by providing invalid Sub-tlv data to the dissect mpls echo tlv dd map function in the MPLS Echo dissector. **Recommendations** For Wireshark versions 1.8.x through 1.8.5, update to version 1.8.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.12 Wireshark versions 1.8.x through 1.8.4 **Description** The issue exists in the `fragment set tot len` function in `epan/reassemble.c` due to incorrect determination of the length of a reassembled packet for the DTLS dissector. This allows remote attackers to cause a denial of service (application crash) via a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.12, update to version 1.6.13 or later. For Wireshark versions 1.8.x through 1.8.4, update to version 1.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.12 Wireshark versions 1.8.x through 1.8.4 **Description** The issue exists in the `dissect pw eth heuristic` function due to incorrect handling of apparent Ethernet address values at the beginning of MPLS data. This allows remote attackers to cause a denial of service (loop) via a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.12, update to version 1.6.13 or later. For Wireshark versions 1.8.x through 1.8.4, update to version 1.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.12 Wireshark versions 1.8.x through 1.8.4 **Description** The issue is related to the dissect bthci eir ad data function in the Bluetooth HCI dissector, which uses an incorrect data type for a counter variable. This allows remote attackers to cause a denial of service, resulting in an infinite loop, via a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.12, update to version 1.6.13 or later. For Wireshark versions 1.8.x through 1.8.4, update to version 1.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.12 Wireshark versions 1.8.x through 1.8.4 **Description** The issue arises from the `csnStreamDissector` function in the CSN.1 dissector, which fails to properly handle a large number of padding bits. This allows remote attackers to cause a denial of service, resulting in an infinite loop, by sending a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.12, update to version 1.6.13 or later. For Wireshark versions 1.8.x through 1.8.4, update to version 1.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.12 Wireshark versions 1.8.x through 1.8.4 **Description** The issue exists in the `rtps util add bitmap` function due to incorrect implementation of nested loops for processing bitmap data. This allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.12, update to version 1.6.13 or later. For Wireshark versions 1.8.x through 1.8.4, update to version 1.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.12 Wireshark versions 1.8.x through 1.8.4 **Description** The issue exists in the epan/tvbuff.c file of Wireshark due to incorrect validation of length values for the MS-MMC dissector. This allows remote attackers to cause a denial of service, resulting in an application crash, via a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.12, update to version 1.6.13 or later. For Wireshark versions 1.8.x through 1.8.4, update to version 1.8.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.x through 1.8.2 **Description** The issue is related to a buffer overflow in the dissect tlv function in the LDP dissector. This can be exploited by remote attackers via a malformed packet, potentially causing a denial of service or other unspecified impacts. **Recommendations** For Wireshark versions 1.8.x through 1.8.2, update to version 1.8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.9 Wireshark versions 1.8.x through 1.8.1 **Description** A buffer overflow issue exists in the dissect gsm rlcmac downlink function in the GSM RLC MAC dissector, allowing remote attackers to execute arbitrary code via a malformed packet. **Recommendations** For Wireshark versions 1.6.x through 1.6.9, update to version 1.6.10 or later. For Wireshark versions 1.8.x through 1.8.1, update to version 1.8.2 or later.