GNU Cflow Security Vulnerabilities in 2025

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in GNU Cflow.

By the Year

In 2025 there have been 0 vulnerabilities in GNU Cflow. Cflow did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	0	0.00
2023	1	7.50
2022	0	0.00
2021	1	5.50
2020	0	0.00
2019	2	6.50
2018	0	0.00

It may take a day or so for new Cflow vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent GNU Cflow Security Vulnerabilities

A vulnerability was found in GNU cflow 1.7

CVE-2023-2789 7.5 - High - May 18, 2023

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Improper Resource Shutdown or Release

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service

CVE-2020-23856 5.5 - Medium - May 18, 2021

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

Dangling pointer

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

CVE-2019-16165 6.5 - Medium - September 09, 2019

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

Dangling pointer

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

CVE-2019-16166 6.5 - Medium - September 09, 2019

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for GNU Cflow or by GNU? Click the Watch button to subscribe.

GNU
Vendor

GNU Cflow
Product

GNU Cflow

Don't miss out!

By the Year

Recent GNU Cflow Security Vulnerabilities

A vulnerability was found in GNU cflow 1.7 CVE-2023-2789 7.5 - High - May 18, 2023

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service CVE-2020-23856 5.5 - Medium - May 18, 2021

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. CVE-2019-16165 6.5 - Medium - September 09, 2019

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. CVE-2019-16166 6.5 - Medium - September 09, 2019