It was reported that the libpcap file parser could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
This is reported to affect Wireshark versions 1.10.0 to 1.10.3 and is fixed in 1.10.4. According to the upstream bug report, it was only ever reproduced in Windows, however the upstream advisory does not indicate that it is Windows-only.
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-4174 to
the following vulnerability:
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x
before 1.10.4 allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted packet-trace file that includes a large packet.
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.