libsass

Description: C implementation of Sass CSS preprocessor (library).
Version: 3.5.4-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-359 | 3.4.9-1 | 3.5.4-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-11608 | AVG-359 | High | Yes | Denial of service | There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote... |
| CVE-2017-11605 | AVG-359 | High | Yes | Denial of service | There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-11555 | AVG-359 | Medium | Yes | Denial of service | There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. |
| CVE-2017-11554 | AVG-359 | Medium | Yes | Denial of service | There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote... |