An unspecified negative-size parameter flaw was found in the Libvpx. component of the Chromium browser. Upstream bug: https://code.google.com/p/chromium/issues/detail?id=450939 External References: http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2015:1023 https://rhn.redhat.com/errata/RHSA-2015-1023.html
This issue was fixed in chromium, by limiting the size of the input stream to be 16384x16384. The following chromium commit (in embedded libvpx) fixes the issue: https://chromium.googlesource.com/chromium/deps/libvpx/+/306d74445e38b203c38f222f7deecf674296215c
Created libvpx tracking bugs for this issue: Affects: fedora-all [bug 1225732]
Statement: Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw in libvpx.
libvpx-1.4.0-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
libvpx-1.3.0-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libvpx-1.3.0-7.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.