Gnu Cflow vulnerabilities

CVE-2025-8736 [MEDIUM] CWE-119 CVE-2025-8736: A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected b A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVE-2025-8735 [MEDIUM] CWE-404 CVE-2025-8735: A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnera A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2023-2789 [LOW] CWE-404 CVE-2023-2789: A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor w

CVE-2020-23856 [MEDIUM] CWE-416 CVE-2020-23856: Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/par Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

CVE-2019-16166 [MEDIUM] CWE-125 CVE-2019-16166: GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

CVE-2019-16165 [MEDIUM] CWE-416 CVE-2019-16165: GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.