2 buffer overruns were reported in libsndfile, in sd2_parse_rsrc_fork() function [1]. Upstream commit that fixes these issues: https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378 [1]: https://github.com/erikd/libsndfile/issues/93