When the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting in memory access after freeing it and multiple attempts to free the same memory address during destruction.
Created libebml tracking bugs for this issue:
Affects: fedora-all [bug 1276336]
Affects: epel-all [bug 1276337]
Added CVE according to http://www.cvedetails.com/cve/CVE-2015-8789/
*** Bug 1412632 has been marked as a duplicate of this bug. ***