JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Buffer Overflow
Json
NVD
GitHub
CVSS 3.0
9.8
EPSS
1.6%