There is a stack consumption vulnerability in the lex function in parser.hpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.