"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
Note that the rpmdb is going to be a root-only resource anyway, so this is a bit niche in terms of exploitability.
(In reply to Sam James from comment #0)
> Patch: https://github.com/rpm-software-management/rpm/pull/1500
Fixed in 220.127.116.11.