9.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
github.com/sass/libsass/issues/2643