A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file can trigger an invalid memory allocation in the vorbis_analysis_wrote function in lib/block.c, causing a denial of service.
A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file can trigger an invalid memory allocation in the vorbis_analysis_wrote function in lib/block.c, causing a denial of service.
http://seclists.org/fulldisclosure/2017/Jul/82