CVE-2015-5147 - Addressable Fittings

Description

Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Reference

http://www.securityfocus.com/bid/75508 http://www.openwall.com/lists/oss-security/2015/06/29/3 https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md http://www.openwall.com/lists/oss-security/2015/06/30/10