Impact
The vulnerability is a double free in the iLBC codec implementation of Wireshark, which can cause the application to crash. An attacker can trigger the crash by supplying a maliciously crafted packet that the decoder processes, interrupting the Wireshark user session and potentially disrupting service. The weakness is classified as CWE‑415, a classic resource management flaw. The impact is limited to the availability of the Wireshark application; no direct information disclosure or code execution is reported in the official description.
Affected Systems
Wireshark Foundation’s Wireshark product is affected for all releases from 4.4.0 through 4.4.14 and from 4.6.0 through 4.6.4. Any system running an unpatched version within those ranges, regardless of operating system, is vulnerable to the denial‑of‑service condition caused by the double‑free in the iLBC codec.
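As an added triage check (not part of the advisory or of the Wireshark project), the following Python compares an installed Wireshark version against the two affected ranges stated above. The `wireshark --version` banner format ("Wireshark x.y.z (...)") is an assumption; any string containing the version works.

```python
import re
import subprocess

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ((4, 4, 0), (4, 4, 14)),
    ((4, 6, 0), (4, 6, 4)),
]

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the first x.y.z version from a string such as the first line of
    `wireshark --version`. Returns a tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if the version found in `text` lies inside an affected range,
    False if it lies outside all of them, None if no version was parsed
    (treat None as 'unknown', not as 'safe')."""
    v = parse_version(text)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def installed_wireshark_banner(binary="wireshark"):
    """Return the first line of `<binary> --version`, or None if the binary is
    missing. Assumed banner layout; adjust for tshark or packaged builds."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return out.splitlines()[0] if out else None


if __name__ == "__main__":
    banner = installed_wireshark_banner()
    if banner is None:
        print("wireshark binary not found")
    else:
        verdict = {True: "AFFECTED", False: "outside listed ranges", None: "unknown"}
        print(f"{banner}: {verdict[is_affected(banner)]}")
```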
Risk and Exploitability
The CVSS score of 5.5 places the vulnerability in the medium severity range, and its exploitability is considered moderate because a crafted packet must be presented to the decoder. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog, indicating no known widespread exploitation yet. The most likely attack vector is local or remote over a network interface: an adversary can either tamper with a live capture or supply a malicious capture file to an end user. The vulnerability can be abused whenever Wireshark processes the iLBC payload, so it requires a user to open the offending trace (or live capture) in Wireshark, or to distribute that trace to others who do.