Monthly Archives: October 2014

CVE-2014-2299: Wireshark MPEG file parser buffer overflow

Around the 6th of March 2014 i reported a security issue (CVE-2014-2299) to the developers of Wireshark-logoWireshark. I discovered the vulnerability in Wireshark using file fuzzing. The versions 1.10.0 to 1.10.5 and 1.8.0 to 1.8.12 of Wireshark are affected by the vulnerability.

The vulnerability is present in the wiretap/mpeg.c file. The maximum packed size was not checked correctly, so the vulnerability could lead to a Denial of Service (DoS) or arbitrary code execution. The exact modification which is done by the developers of Wireshark to fix the problem, can be found here:

https://code.wireshark.org/review/#/c/533/2/wiretap/mpeg.c

Continue reading