Wireshark 4.6.7 patches a dozen security flaws
Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can trip up the software. The 4.6.7 maintenance release closes twelve of those weak points. The fixes reach from cellular signaling parsers to the code that reads capture files off disk.

The security fixes
Most of the patched advisories describe crashes. A crafted packet or capture file could push a dissector into reading past its buffer or touching bad memory, ending the session. The affected parsers include Catapult DCT2000, SSH, IEEE 802.11, Z39.50, and UMTS FP, along with the pcapng file reader and the DBS Etherwatch file parser.
A few of the flaws work by other means. The FMP/NOTIFY dissector could enter a large loop on certain input, and a separate advisory collects several dissectors that could spin in infinite loops. The BLF file parser carried an information disclosure bug, where data outside the intended bounds could leak into the decoded output. The TLS ECH decryption path and the Ciscodump extcap helper each had their own crash.
Bugs beyond the security list
The release also repairs sixteen non-security bugs. One that will matter to anyone building on Wireshark is a use-after-free in the Ethernet POWERLINK dissector that triggered on a profile-loading error path. Another is a heap-buffer-overflow in the Android Logcat parser.
Several fixes touch everyday annoyances. Wireshark could show its interface in German when the system language was set to Dutch. An IPv6 ping from Debian and other systems was being decoded as HiPerConTracer traffic. The HEVC video dissector flagged some packets as malformed because a bit offset went un-advanced. A heap corruption error could crash the program when it loaded the last saved recent_common file.
A new Windows toolchain and protocol updates
The Windows installers are now built with Visual Studio 2026. This release adds no new protocol dissectors. It does update a long roster of existing ones, among them DNS, DCERPC, SSH, IEEE 802.11, MEGACO, and H.265.
Capture file handling gained updates for Android Logcat, BLF, DBS Etherwatch, Netlog, and pcapng. File format decoding stayed the same in this cycle.
Where extcap helpers now live
One entry in this release is a documentation catch-up for plugin authors. On UN*X systems, Wireshark searches for extcap binaries under the libexec directory by default, for example /usr/libexec/wireshark/extcap. This is the customary home for helper binaries, which skip the multiarch handling that libraries require. The bundled extcap tools already install in the new spot. Third-party extcaps may need packaging changes to match.
The move happened back in version 4.6.0. The notes for that version omitted it, and 4.6.7 sets it down in writing. The location can be overridden with the WIRESHARK_EXTCAP_DIR environment variable. Some distributions, such as Alpine Linux, lack a libexec directory, and on those the binaries stay where they were.