pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libpcre3",
            "binary_version": "1:8.31-2ubuntu2.2"
        },
        {
            "binary_name": "libpcre3-dev",
            "binary_version": "1:8.31-2ubuntu2.2"
        },
        {
            "binary_name": "libpcrecpp0",
            "binary_version": "1:8.31-2ubuntu2.2"
        },
        {
            "binary_name": "pcregrep",
            "binary_version": "1:8.31-2ubuntu2.2"
        }
    ]
}