I don't know anything. Without a published exploit I guess it's hard to do anything.
But had to look at an old copy I had here. Certainly an interesting library. If strings like status code == CG_HTTP_STATUS_UNAUTHIRUZED ( also happen to be in the code, then it's no surprise if there are exploitable bugs