VYPR

cflow

by GNU

CVEs (5)

  • CVE-2019-16166MedSep 9, 2019
    risk 0.42cvss 6.5epss 0.01

    GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

  • CVE-2019-16165MedSep 9, 2019
    risk 0.42cvss 6.5epss 0.01

    GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

  • CVE-2025-8736MedAug 8, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit…

  • CVE-2023-2789LowMay 18, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The…

  • CVE-2025-8735LowAug 8, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has…