In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. Upstream issue: https://github.com/sass/libsass/issues/2781
Created libsass tracking bugs for this issue: Affects: epel-7 [bug 1671396] Affects: fedora-all [bug 1671395]
Closing as NOTABUG because upstream believes this is "by design" and not an error in the code. See https://github.com/sass/libsass/issues/2781#issuecomment-447202429