CVE-2018-19839

CVE-2018-19839 affects LibSass prior to 3.5.5. The vulnerability is a heap-based buffer over-read in Sass::handle_error (sass_context.cpp) that attackers can trigger via a crafted Sass file, causing a denial-of-service. Public details in the initial document confirm the exact function and file, t...

CVE-2018-11698

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handleerror which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service...

CVE-2018-11499

A use-after-free vulnerability exists in handleerror in sasscontext.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service application crash or possibly unspecified other impact...

Design/Logic Flaw

A use-after-free vulnerability exists in handleerror in sasscontext.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service application crash or possibly unspecified other impact...

CVE-2018-11499

CVE-2018-11499 is a use-after-free in LibSass (sass_context.cpp, handle_error()) affecting LibSass 3.4.x and 3.5.x up to 3.5.4. It could crash the application (DoS) and potentially other impacts. Affected entries in connected docs point to LibSass vulnerabilities and advise upgrading to the lates...

CVE-2018-11499

A use-after-free vulnerability exists in handleerror in sasscontext.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service application crash or possibly unspecified other impact...