2 matches found
CVE-2019-16165
GNU cflow up to version 1.6 is affected by a use-after-free in the reference function of parser.c, per CVE-2019-16165. Exploitation could lead to denial of service or arbitrary code execution, as described across multiple sources. The issue is tied to memory management in the parser and is presen...
CVE-2019-16166
GNU cflow versions up to 1.6 are affected by a heap-based buffer over-read in the nexttoken function of parser.c (CVE-2019-16166). The issue is documented across multiple sources (NVD, OSV, SUSE, Debian/Ubuntu OSV entries) and consistently references the same core flaw in parser.c. Public referen...