Package details: pkg:deb/debian/libsass@3.5.5-4
purl pkg:deb/debian/libsass@3.5.5-4
Next non-vulnerable version 3.6.5+20231221-3
Latest non-vulnerable version 3.6.5+20231221-3
Risk 3.4
Vulnerabilities affecting this package (9)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-6adp-x9gj-tyba; Aliases: CVE-2018-11697 | | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-8cgq-2kwr-j3eq; Aliases: CVE-2018-11698 | | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-b7nr-ns1n-4qg5; Aliases: CVE-2018-19797 | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-db5w-969a-rfgp; Aliases: CVE-2019-18799 | LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-dcur-m3h9-s7eh; Aliases: CVE-2018-19838 | In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-n4cj-564p-eug3; Aliases: CVE-2018-20821 | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-nahp-5u2r-u7gw; Aliases: CVE-2018-20822 | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-t2wr-cbk1-y7gf; Aliases: CVE-2018-11694 | | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |
| VCID-yx2v-zyh5-p7ak; Aliases: CVE-2019-18798 | LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. | 3.6.4+20201122-1 (Affected by 3 other vulnerabilities.) |

Vulnerabilities fixed by this package (15)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-15ta-qeqg-wqf2 | denial of service | CVE-2017-11608 |
| VCID-3jeg-ng2z-1fhk | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. | CVE-2018-20190 |
| VCID-4fgy-jy99-1khy | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. | CVE-2019-6283 |
| VCID-78aw-74v9-dqbc | denial of service | CVE-2017-11554 |
| VCID-7ytc-kjtu-rbe1 | In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | CVE-2018-19837 |
| VCID-9bk6-axhk-uyhv | There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. | CVE-2017-11556 |
| VCID-9fb4-qar9-hqex | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | CVE-2019-6284 |
| VCID-aeqp-85dy-n7es | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. | CVE-2019-6286 |
| VCID-hyyq-1enj-jyac | | CVE-2018-11693 |
| VCID-mrjg-spwc-3yhs | denial of service | CVE-2017-11555 |
| VCID-npue-4vew-f3az | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | CVE-2018-19827 |
| VCID-pzne-hjsy-13c8 | | CVE-2018-11696 |
| VCID-s2gy-djt8-h7dr | | CVE-2018-11695 |
| VCID-ss16-gjc9-xfat | A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | CVE-2018-11499 |
| VCID-ymk4-v54x-ruf1 | In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. | CVE-2018-19839 |

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T12:51:36.596926+00:00 Debian Oval Importer Fixing VCID-9bk6-axhk-uyhv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T12:48:04.598566+00:00 Debian Oval Importer Fixing VCID-4fgy-jy99-1khy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T12:07:10.741036+00:00 Debian Oval Importer Fixing VCID-mrjg-spwc-3yhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T10:56:48.853599+00:00 Debian Oval Importer Fixing VCID-pzne-hjsy-13c8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T10:10:46.397307+00:00 Debian Oval Importer Affected by VCID-yx2v-zyh5-p7ak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T09:56:52.966753+00:00 Debian Oval Importer Fixing VCID-9fb4-qar9-hqex https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T09:55:40.415076+00:00 Debian Oval Importer Fixing VCID-7ytc-kjtu-rbe1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T09:00:22.341870+00:00 Debian Oval Importer Affected by VCID-nahp-5u2r-u7gw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T08:25:03.863031+00:00 Debian Oval Importer Fixing VCID-78aw-74v9-dqbc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T08:24:40.889014+00:00 Debian Oval Importer Affected by VCID-dcur-m3h9-s7eh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T08:02:53.887374+00:00 Debian Oval Importer Affected by VCID-b7nr-ns1n-4qg5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T07:20:07.561867+00:00 Debian Oval Importer Fixing VCID-ss16-gjc9-xfat https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T06:50:50.011953+00:00 Debian Oval Importer Fixing VCID-npue-4vew-f3az https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T06:39:14.562385+00:00 Debian Oval Importer Fixing VCID-15ta-qeqg-wqf2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T06:20:53.509012+00:00 Debian Oval Importer Fixing VCID-hyyq-1enj-jyac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T05:21:03.828195+00:00 Debian Oval Importer Affected by VCID-t2wr-cbk1-y7gf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T05:17:38.741248+00:00 Debian Oval Importer Affected by VCID-n4cj-564p-eug3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T05:11:39.392659+00:00 Debian Oval Importer Affected by VCID-8cgq-2kwr-j3eq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T04:41:36.841023+00:00 Debian Oval Importer Fixing VCID-3jeg-ng2z-1fhk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T04:39:43.792139+00:00 Debian Oval Importer Affected by VCID-db5w-969a-rfgp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T04:38:10.106997+00:00 Debian Oval Importer Fixing VCID-s2gy-djt8-h7dr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T04:37:17.788272+00:00 Debian Oval Importer Fixing VCID-aeqp-85dy-n7es https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T03:38:19.403336+00:00 Debian Oval Importer Fixing VCID-ymk4-v54x-ruf1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T03:18:24.223869+00:00 Debian Oval Importer Affected by VCID-6adp-x9gj-tyba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0