Tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c. By sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash.