EPSS
Percentile
40.7%
GNU cflow is vulnerable to denial of service.A heap-based buffer over-read in the nexttoken function in parser.c allows an attacker to cause an application crash.
lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
security-tracker.debian.org/tracker/CVE-2019-16166