libwebm through versions 22.214.171.124, which is bundled in chromium, is vulnerable to an out of bounds read issue. The function common/libwebm_util.cc:ParseVP9SuperFrameIndex() does not validate child_frame_length data obtained from a .webm file, which can cause an information leak, denial of service or other potential unspecified impact.
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1547350]
Affects: fedora-all [bug 1547351]