An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2018-19662