LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
Published November 6, 2019.
Sass-lang Libsass
