There is a heap-based buffer over-read at wav.c in wavwriteheader in libsndfile 1.0.28 that will cause a denial of service.
{ "urgency": "not yet assigned" }