sox is vulnerable to use-after-free. The vulnerability exists in lsx_aiffstartread
in aiff.c
, allowing a malicious user to exploit this flaw by supplying a malformed AIFF file which may lead to denial of service (DoS) during the conversion of an audio file.