Vulnerabilities > Sass Lang > Libsass > 3.5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-19837 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | 6.5 |
| 2018-12-03 | CVE-2018-19827 | Use After Free vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | 8.8 |
| 2018-12-03 | CVE-2018-19826 | Infinite Loop vulnerability in Sass-Lang Libsass 3.5.5 In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. | 6.5 |
| 2018-12-03 | CVE-2018-19797 | NULL Pointer Dereference vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | 6.5 |