CVE-2025-8735
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-08
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2025-08-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8735
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu cflow 1.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the GNU cflow software up to version 1.8, specifically in the function yylex within the file c.c of the Lexer component. It involves a null pointer dereference caused by improper manipulation. Exploiting this vulnerability requires local access to the system.


How can this vulnerability impact me? :

The vulnerability can cause a null pointer dereference, which may lead to a denial of service or crash of the affected application. Since the attack requires local access, remote exploitation is not possible, but an attacker with local privileges could disrupt the normal operation of GNU cflow.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart