PT-2025-32391 · Gnu+1 · Gnu Cflow+1
Xudong Cao
+1
·
Published
2025-01-01
·
Updated
2025-10-28
·
CVE-2025-8735
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
GNU cflow versions up to 1.8
Description
A problematic issue exists in GNU cflow due to a null pointer dereference in the
yylex function within the c.c file of the Lexer component. This issue can be exploited locally. The exploit has been publicly disclosed.Recommendations
Update to a version beyond 1.8.
Exploit
Fix
Improper Resource Release
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Gnu Cflow