flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24995
http://www.us.debian.org/security/2006/dsa-1020
http://www.securityfocus.com/bid/16896
http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
http://securityreason.com/securityalert/570
http://secunia.com/advisories/19424
http://secunia.com/advisories/19228
http://secunia.com/advisories/19126
http://secunia.com/advisories/19071
http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download