CVSS: 5.3 | EPSS: 0% | CPEs: 9 | EXPL: 1

08 Aug 2025 — A vulnerability classified as critical has been found in GNU cflow up to 1.8. It affects the function yylex in the file c.c of the Lexer component. The manipulation leads to a buffer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/17lkJ5bSiQZoXLTg3bK-rGBt3kahN9Xse/view?usp=drive_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 4.8 | EPSS: 0% | CPEs: 9 | EXPL: 1

08 Aug 2025 — A vulnerability classified as problematic was found in GNU cflow up to 1.8. It affects the function yylex in the file c.c of the Lexer component. The manipulation leads to a null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1Q_rDQSEl3cBu6SUbfqr9pV9cHgvKcXFI/view?usp=drive_link • CWE-404: Improper Resource Shutdown or Release • CWE-476: NULL Pointer Dereference

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Sep 2019 — GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. • https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html • CWE-416: Use After Free

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Sep 2019 — GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. • https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html • CWE-125: Out-of-bounds Read