The nokogiri gem contains a libxml2 package which is vulnerable to heap-based buffer overflow. The vulnerability is due to CVE-2016-1839 which is caused when a malicious XML file is passed to xmllint in xmlDictAddString.
xmllint
xmlDictAddString