sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
Created libpcap tracking bugs for this issue:
Affects: fedora-all [bug 1760624]
A Low Impact has been given to this flaw even though the CVSSv3 is 7.5, because libpcap library is mainly used as part of debugging tools like wireshark or tcpdump, where an impact to the Availability is not considered security relevant in a reasonable scenario.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:4547 https://access.redhat.com/errata/RHSA-2020:4547
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):