Young

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.2.0 through 2.2.11 Wireshark versions 2.4.0 through 2.4.3 **Description** The issue concerns a potential crash in the IxVeriWave file parser. This was due to incorrect signature timestamp bounds checks. The problem does not specify the number of potentially affected devices or any real-world incidents where this issue was exploited. **Recommendations** For Wireshark versions 2.2.0 through 2.2.11, update to a version that includes the correction made in wiretap/vwr.c to fix the signature timestamp bounds checks. For Wireshark versions 2.4.0 through 2.4.3, update to a version that includes the correction made in wiretap/vwr.c to fix the signature timestamp bounds checks.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.2.0 through 2.2.11 Wireshark versions 2.4.0 through 2.4.3 **Description** The issue concerns a potential crash in the WCP dissector due to insufficient validation of the available buffer length. This was resolved by implementing proper validation in the dissector code. **Recommendations** For Wireshark versions 2.2.0 through 2.2.11, update to a version that includes the fix for the WCP dissector crash. For Wireshark versions 2.4.0 through 2.4.3, update to a version that includes the fix for the WCP dissector crash.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.2.0 through 2.2.11 Wireshark versions 2.4.0 through 2.4.3 **Description** The issue concerns the JSON, XML, NTP, XMPP, and GDB dissectors in Wireshark, which could crash due to excessive recursion. This was resolved by limiting the recursion depth in the epan/tvbparse.c file. **Recommendations** For Wireshark versions 2.2.0 through 2.2.11, update to a version that includes the fix for the recursion depth limitation in epan/tvbparse.c. For Wireshark versions 2.4.0 through 2.4.3, update to a version that includes the fix for the recursion depth limitation in epan/tvbparse.c.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions prior to 2.2.12 **Description** The issue arises from the MRDISC dissector misusing a NULL pointer, leading to a crash. This was resolved by validating an IPv4 address in the epan/dissectors/packet-mrdisc.c file. **Recommendations** For versions prior to 2.2.12, update to version 2.2.12 or later to resolve the issue. As a temporary workaround, consider disabling the MRDISC dissector until a patch is available.

**Name of the Vulnerable Software and Affected Versions** poppler version 0.54.0 **Description** The issue is a NULL pointer dereference in the `JPXStream::readUByte` function in `JPXStream.cc`. This can cause a crash, such as a segmentation fault, when parsing an invalid PDF file. For instance, the `perf test` utility will crash when encountering such a file. **Recommendations** For poppler version 0.54.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.