libsass
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | C implementation of Sass CSS preprocessor (library) |
| Version | 3.6.6-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-359 | 3.4.9-1 | 3.5.4-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-11608 | AVG-359 | High | Yes | Denial of service | There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote... |
| CVE-2017-11605 | AVG-359 | High | Yes | Denial of service | There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-11555 | AVG-359 | Medium | Yes | Denial of service | There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. |
| CVE-2017-11554 | AVG-359 | Medium | Yes | Denial of service | There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote... |