There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
Debian Bug report logs -
#870184
libsass: CVE-2017-11605
Package:
src:libsass;
Maintainer for src:libsass is Debian Sass team <pkg-sass-devel@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 30 Jul 2017 19:57:02 UTC
Severity: important
Tags: security
Found in version libsass ...
There is a heap based buffer over-read in LibSass 345, related to address 0xb4803ea1 A crafted input will lead to a remote denial of service attack ...