There exists one out-of-bounds heap access in SwapModule::runSwap, in SimpleModule.h:82, which allows an attacker to cause a denial of service via a crafted file.
root@ubuntu:~/fuzz/audiofile# /home/tim/audiofile-santi/sfcommands/sfconvert /home/tim/Downloads/poc output format caf
ASAN:DEADLYSIGNAL
=================================================================
==30065==ERROR: AddressSanitizer: SEGV on unknown address 0x625000010000 (pc 0x7ffff6becb40 bp 0x60c000000340 sp 0x7fffffffe200 T0)
==30065==The signal is caused by a READ memory access.
    #0 0x7ffff6becb3f in void SwapModule::runSwap<8, long>(long const*, long*, int) /home/tim/audiofile-santi/libaudiofile/modules/SimpleModule.h:81
    #1 0x7ffff6becb3f in void SwapModule::run<8, long>(Chunk&, Chunk&) /home/tim/audiofile-santi/libaudiofile/modules/SimpleModule.h:74
    #2 0x7ffff6becb3f in SwapModule::run(Chunk&, Chunk&) /home/tim/audiofile-santi/libaudiofile/modules/SimpleModule.h:63
    #3 0x7ffff6bdc218 in afReadFrames (/home/tim/audiofile-santi/libaudiofile/.libs/libaudiofile.so.1+0x32218)
    #4 0x555555555fdd in copyaudiodata /home/tim/audiofile-santi/sfcommands/sfconvert.c:340
    #5 0x555555555620 in main /home/tim/audiofile-santi/sfcommands/sfconvert.c:248
    #6 0x7ffff67dab96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x555555555c79 in _start (/home/tim/audiofile-santi/sfcommands/.libs/sfconvert+0x1c79)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tim/audiofile-santi/libaudiofile/modules/SimpleModule.h:81 in void SwapModule::runSwap<8, long>(long const*, long*, int)
==30065==ABORTING
sfconvert $poc output format caf
poc.zip