A use-after-free vulnerability exists in handleerror() in sasscontext.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libsass-dev", "binary_version": "3.4.8-1ubuntu0.1~esm1" }, { "binary_name": "libsass0", "binary_version": "3.4.8-1ubuntu0.1~esm1" }, { "binary_name": "libsass0-dbg", "binary_version": "3.4.8-1ubuntu0.1~esm1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "libsass-dev", "binary_version": "3.5.5-4" }, { "binary_name": "libsass1", "binary_version": "3.5.5-4" }, { "binary_name": "libsass1-dbgsym", "binary_version": "3.5.5-4" } ] }