Daisypo

**Name of the Vulnerable Software and Affected Versions** GNU cflow version 1.7 **Description** A problematic issue has been found that affects the function `func body/parse variable declaration` of the file `parser.c`, leading to denial of service. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For GNU cflow version 1.7, as a temporary workaround, consider disabling the `func body/parse variable declaration` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PoDoFo version 0.10.0 **Description** A critical vulnerability was found in PoDoFo, affecting the function `readXRefStreamEntry` of the file `PdfXRefStreamParserObject.cpp`. The manipulation leads to heap-based buffer overflow. An attack must be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch, specifically the one identified as `535a786f124b739e3c857529cecc29e4eeb79778`. As a temporary workaround, consider disabling the `readXRefStreamEntry` function until a patch is available. Restrict access to the `PdfXRefStreamParserObject.cpp` file to minimize the risk of exploitation.