libwebm through versions 18.104.22.168, which is bundled in chromium, is vulnerable to an out of bounds read issue. The function common/libwebm_util.cc:ParseVP9SuperFrameIndex() does not validate child_frame_length data obtained from a .webm file, which can cause an information leak, denial of service or other potential unspecified impact.
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1547350]
Affects: fedora-all [bug 1547351]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):