ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
http://www.securityfocus.com/bid/313
http://marc.info/?l=bugtraq&m=92989907627051&w=2