MGASA-2020-0049
- Source
- https://advisories.mageia.org/MGASA-2020-0049.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0049.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2020-0049
- Related
- Published
- 2020-01-28T07:52:40Z
- Modified
- 2020-01-28T07:26:33Z
- Summary
- Updated libsass packages fix security vulnerabilities
- Details
-
Use-after-free vulnerability in sasscontext.cpp:handleerror (CVE-2018-11499).
Null pointer dereference in Sass::SelectorList::populateextends (CVE-2018-19797).
Use-after-free vulnerability exists in the SharedPtr class (CVE-2018-19827).
Stack overflow in Eval::operator() (CVE-2018-19837).
Stack-overflow at IMPLEMENTASTOPERATORS expansion (CVE-2018-19838).
Buffer-overflow (OOB read) against some invalid input (CVE-2018-19839).
Null pointer dereference in Sass::Eval::operator() (Sass::Supports_Operator*) (CVE-2018-20190).
Uncontrolled recursion in Sass:Parser:parsecssvariable_value (CVE-2018-20821).
Stack-overflow at Sass::Inspect::operator() (CVE-2018-20822).
Heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (CVE-2019-6283).
Heap-based buffer over-read exists in Sass:Prelexer:alternatives (CVE-2019-6284).
Heap-based buffer over-read exists in Sass:Prelexer:skipoverscopes (CVE-2019-6286).
- References
- Credits
-
-
- Mageia - COORDINATOR
-