In SoX 14.4.2, there is an integer overflow in startread in sox-fmt.c. This can, for example, have a resultant NULL pointer dereference.

%d bloggers like this: