CVE-2019-18799

Published: 06 November 2019

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: libsass (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist

Patches:
Upstream: https://github.com/sass/libsass/pull/3027/commits/d2390e54c4f1ab5c33a0e35e7b9264b36284fa91
Upstream: https://github.com/sass/libsass/pull/3027/commits/994695c669085058c4a500f295a0531893eff77a
Upstream: https://github.com/sass/libsass/pull/3027/commits/0b721e0f37fc69ab197ec956a923e036e3b05ca6