In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. References: https://github.com/sass/libsass/issues/2815
Created libsass tracking bugs for this issue: Affects: epel-7 [bug 1668926] Affects: fedora-all [bug 1668925]