libwebm through versions 1.0.0.27, which is bundled in chromium, is vulnerable to an out of bounds read issue. The function common/libwebm_util.cc:ParseVP9SuperFrameIndex() does not validate child_frame_length data obtained from a .webm file, which can cause an information leak, denial of service or other potential unspecified impact. Upstream Commit: https://github.com/webmproject/libwebm/commit/8e88e04b07352f2ca449278b44a2d8ec7631bdcf
Created chromium tracking bugs for this issue: Affects: epel-7 [bug 1547350] Affects: fedora-all [bug 1547351]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-6406