The Tcpdump program could crash when processing a malformed OLSR
payload when the verbose output flag was set (CVE-2014-8767).
The application decoder for the Ad hoc On-Demand Distance Vector (AODV)
protocol in Tcpdump fails to perform input validation and performs
unsafe out-of-bound accesses. The application will usually not crash,
but perform out-of-bounds accesses and output/leak larger amounts of
invalid data, which might lead to dropped packets. It is unknown if
a payload exists that might trigger segfaults (CVE-2014-8769).
It was discovered that tcpdump incorrectly handled printing PPP
packets. A remote attacker could use this issue to cause tcpdump to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2014-9140).
In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap
overflow (CVE-2014-9028), which may result in arbitrary code execution,
can be triggered by passing a maliciously crafted .flac file to the
libFLAC decoder.