Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
http://www.securityfocus.com/bid/75508