{"id":"MGASA-2020-0049","summary":"Updated libsass packages fix security vulnerabilities","details":"Use-after-free vulnerability in sass_context.cpp:handle_error\n(CVE-2018-11499).\n\nNull pointer dereference in Sass::Selector_List::populate_extends\n(CVE-2018-19797).\n\nUse-after-free vulnerability exists in the SharedPtr class\n(CVE-2018-19827).\n\nStack overflow in Eval::operator() (CVE-2018-19837).\n\nStack-overflow at IMPLEMENT_AST_OPERATORS expansion (CVE-2018-19838).\n\nBuffer-overflow (OOB read) against some invalid input (CVE-2018-19839).\n\nNull pointer dereference in Sass::Eval::operator()\n(Sass::Supports_Operator*)\n(CVE-2018-20190).\n\nUncontrolled recursion in Sass:Parser:parse_css_variable_value\n(CVE-2018-20821).\n\nStack-overflow at Sass::Inspect::operator() (CVE-2018-20822).\n\nHeap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*)\n(CVE-2019-6283).\n\nHeap-based buffer over-read exists in Sass:Prelexer:alternatives\n(CVE-2019-6284).\n\nHeap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes\n(CVE-2019-6286).\n","modified":"2026-04-16T04:42:33.365747836Z","published":"2020-01-28T07:52:40Z","upstream":["CVE-2018-11499","CVE-2018-19797","CVE-2018-19827","CVE-2018-19837","CVE-2018-19838","CVE-2018-19839","CVE-2018-20190","CVE-2018-20821","CVE-2018-20822","CVE-2019-6283","CVE-2019-6284","CVE-2019-6286"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0049.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25755"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2019-07/msg00119.html"}],"affected":[{"package":{"name":"libsass","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/libsass?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.1-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0049.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}