An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.
https://usn.ubuntu.com/4013-1/
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html