In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Upstream issue:
https://github.com/sass/libsass/issues/2657

Upstream patch:
https://github.com/sass/libsass/pull/2767/commits/a2dff1b59ea8c8ec10680f9e8e5593e4b38554a1

Upstream pull request:
https://github.com/sass/libsass/pull/2767

Created libsass tracking bugs for this issue:

Affects: epel-7 [bug 1671396]
Affects: fedora-all [bug 1671395]