An issue was discovered in libsndfile 1.0.28. There is an out-of-bounds read at function sf_write_int, which will lead to a denial of service or the others.
@maintainer(s): reported as fixed by https://github.com/erikd/libsndfile/commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5
Gentoo Security Padawan (domhnall)

Potential Patches (as per RedHat Bug):
https://github.com/erikd/libsndfile/commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5
But appears to need this one, too (fix for CVE-2018-13139):
https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
Also Debian has this fixed: 1.0.25-9.1+deb8u2
Maintainer(s) please advise.

This issue was resolved and addressed in GLSA 202007-65 at https://security.gentoo.org/glsa/202007-65 by GLSA coordinator Sam James (sam_c).