The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
CVE-2016-7938 (Candidate) is related to these bugs: