An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
https://usn.ubuntu.com/4013-1/
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html