CVE-2021-32420 (https://gitlab.com/aplevich/dpic/-/issues/5): https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y. CVE-2021-32421 (https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf): https://gitlab.com/aplevich/dpic/-/issues/7 dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y. CVE-2021-32422 (https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf): https://gitlab.com/aplevich/dpic/-/issues/6 dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array. CVE-2021-33388 (https://gitlab.com/aplevich/dpic/-/issues/8): dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y CVE-2021-33390 (https://gitlab.com/aplevich/dpic/-/issues/10): dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421. All issues closed, but I'm not certain they're all fixed without references to fixes.