In LibSass prior to 3.5.5, the function handleerror in sasscontext.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
{ "binaries": [ { "binary_version": "3.3.4-1", "binary_name": "libsass-dev" }, { "binary_version": "3.3.4-1", "binary_name": "libsass0" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "3.4.8-1ubuntu0.1~esm1", "binary_name": "libsass-dev" }, { "binary_version": "3.4.8-1ubuntu0.1~esm1", "binary_name": "libsass0" } ] }