| purl | pkg:deb/debian/libsass@3.4.3-1 |
| Next non-vulnerable version | 3.6.5+20231221-3 |
| Latest non-vulnerable version | 3.6.5+20231221-3 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-15ta-qeqg-wqf2 Aliases: CVE-2017-11608 | denial of service | Affected by 9 other vulnerabilities. |
| VCID-3jeg-ng2z-1fhk Aliases: CVE-2018-20190 | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. | Affected by 9 other vulnerabilities. |
| VCID-4fgy-jy99-1khy Aliases: CVE-2019-6283 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. | Affected by 9 other vulnerabilities. |
| VCID-6adp-x9gj-tyba Aliases: CVE-2018-11697 | | Affected by 3 other vulnerabilities. |
| VCID-78aw-74v9-dqbc Aliases: CVE-2017-11554 | denial of service | Affected by 9 other vulnerabilities. |
| VCID-7ytc-kjtu-rbe1 Aliases: CVE-2018-19837 | In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | Affected by 9 other vulnerabilities. |
| VCID-8cgq-2kwr-j3eq Aliases: CVE-2018-11698 | | Affected by 3 other vulnerabilities. |
| VCID-9bk6-axhk-uyhv Aliases: CVE-2017-11556 | There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. | Affected by 9 other vulnerabilities. |
| VCID-9fb4-qar9-hqex Aliases: CVE-2019-6284 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | Affected by 9 other vulnerabilities. |
| VCID-aeqp-85dy-n7es Aliases: CVE-2019-6286 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. | Affected by 9 other vulnerabilities. |
| VCID-b7nr-ns1n-4qg5 Aliases: CVE-2018-19797 | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | Affected by 3 other vulnerabilities. |
| VCID-db5w-969a-rfgp Aliases: CVE-2019-18799 | LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. | Affected by 3 other vulnerabilities. |
| VCID-dcur-m3h9-s7eh Aliases: CVE-2018-19838 | In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | Affected by 3 other vulnerabilities. |
| VCID-hyyq-1enj-jyac Aliases: CVE-2018-11693 | | Affected by 9 other vulnerabilities. |
| VCID-mrjg-spwc-3yhs Aliases: CVE-2017-11555 | denial of service | Affected by 9 other vulnerabilities. |
| VCID-n4cj-564p-eug3 Aliases: CVE-2018-20821 | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | Affected by 3 other vulnerabilities. |
| VCID-nahp-5u2r-u7gw Aliases: CVE-2018-20822 | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | Affected by 3 other vulnerabilities. |
| VCID-npue-4vew-f3az Aliases: CVE-2018-19827 | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | Affected by 9 other vulnerabilities. |
| VCID-pzne-hjsy-13c8 Aliases: CVE-2018-11696 | | Affected by 9 other vulnerabilities. |
| VCID-s2gy-djt8-h7dr Aliases: CVE-2018-11695 | | Affected by 9 other vulnerabilities. |
| VCID-ss16-gjc9-xfat Aliases: CVE-2018-11499 | A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | Affected by 9 other vulnerabilities. |
| VCID-t2wr-cbk1-y7gf Aliases: CVE-2018-11694 | | Affected by 3 other vulnerabilities. |
| VCID-ymk4-v54x-ruf1 Aliases: CVE-2018-19839 | In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. | Affected by 9 other vulnerabilities. |
| VCID-yx2v-zyh5-p7ak Aliases: CVE-2019-18798 | LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. | Affected by 3 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |