CVE-2021-45958 (https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ujson/OSV-2021-955.yaml): UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).
Note that I can't seem to find an upstream reference to this. The linked YAML file from Google says:

> - introduced: a920bfa9d85bcd78836b866d1be80c1e3dcca1da
> - fixed: 5525f8c9ef8bb879dadd0eb942d524827d1b0362

... but I don't see that fixed commit anywhere.
FWICS all the new versions of ujson have been added to that YAML, so probably it wasn't ever fixed. Looking at the link found at the issue tracker:

https://github.com/ultrajson/ultrajson/compare/e3ccc5a1ff945275106d9323c00683fafeffc04a...682c6601569980e9a8a05378d3c1478db30384bc

I'm guessing that the problem has been swept under the rug by stripping executables.