A crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"):
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1697899]
Function dissect_spoolss_buffer_data() in dissectors/packet-dcerpc-spoolss.c dissects a size value and then uses it to retrieve some data. However, the size value is not validated, thus it can cause the program to read out of bounds, leaking memory content or making the application crash.
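The bounds check whose absence the analysis above describes, as an added example. This is not Wireshark's code or its patch: the record layout, the function name `read_sized_buffer` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (an assumption, not the SPOOLSS wire format):
 * a 4-byte little-endian size followed by that many bytes of data. */

/* Constructed samples: a well-formed record and one whose size field
 * claims far more data than the packet actually holds. */
static const uint8_t ok_record[]  = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
static const uint8_t bad_record[] = { 0xff, 0xff, 0x00, 0x00, 'a', 'b', 'c' };

/* Copies the sized buffer at `offset` into `out`. Returns the number of
 * bytes copied, or -1 if the size field is truncated, the declared size
 * exceeds the bytes remaining in the packet, or `out` is too small. */
long read_sized_buffer(const uint8_t *pkt, size_t pkt_len, size_t offset,
                       uint8_t *out, size_t out_cap)
{
    uint32_t size;

    /* The size field itself must lie inside the captured bytes. */
    if (offset > pkt_len || pkt_len - offset < 4)
        return -1;
    size = (uint32_t)pkt[offset]
         | (uint32_t)pkt[offset + 1] << 8
         | (uint32_t)pkt[offset + 2] << 16
         | (uint32_t)pkt[offset + 3] << 24;
    offset += 4;

    /* Validate the attacker-controlled size before using it. Comparing
     * against the remainder (not offset + size) avoids integer overflow. */
    if (size > pkt_len - offset || size > out_cap)
        return -1;

    memcpy(out, pkt + offset, size);
    return (long)size;
}

int main(void)
{
    uint8_t out[16];

    printf("ok:  %ld\n", read_sized_buffer(ok_record, sizeof ok_record, 0, out, sizeof out));
    printf("bad: %ld\n", read_sized_buffer(bad_record, sizeof bad_record, 0, out, sizeof out));
    return 0;
}
```

Without the size comparison, the `memcpy` on the second sample would read 65535 bytes from a 7-byte buffer, which is the heap out-of-bounds read class an ASAN build reports.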