A vulnerability was found in libebml. A specially crafted unicode string can cause an off-by-few read on the heap in unicode string parsing code in libebml. This issue can potentially be used for information leaks. References: http://www.talosintelligence.com/reports/TALOS-2016-0036/
Created libebml tracking bugs for this issue: Affects: epel-all [bug 1412634] Affects: fedora-all [bug 1412633]
Upon closer investigation, I believe this is a duplicate of CVE-2015-8790 (bug 1303861) and will close it as such upon confirmation from upstream.
*** This bug has been marked as a duplicate of bug 1303861 ***