It was discovered that the fix for CVE-2018-19758 is not complete and still allows reading beyond the limit of the buffer in function wav_write_header() in wav.c. Function wav_write_header() iterates through the `loops` array a number of times read from the file itself. However, this value is not correctly checked and the library can read beyond the limits of the `loops` array, possibly making the application crash.

Upstream issue: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
Acknowledgments: Name: Riccardo Schirone (Red Hat)
Created libsndfile tracking bugs for this issue: Affects: fedora-all [bug 1677219]
A PR has been submitted upstream to fix this issue: https://github.com/erikd/libsndfile/pull/460
Upstream patch: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
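The class of check the description calls for, as an added example that is not libsndfile's code or the upstream patch: a count taken from the file is clamped to the capacity of the fixed-size `loops` array before the array is walked. The struct layout, the array size of 16, and the names `instrument_t`, `clamp_loop_count` and `write_loops` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_LEN(x) (sizeof (x) / sizeof ((x)[0]))

/* Simplified stand-ins for the instrument data; names and sizes are assumptions. */
typedef struct { uint32_t start, end; } loop_t;
typedef struct {
    int    loop_count;   /* untrusted: comes from the input file */
    loop_t loops[16];    /* fixed-size array that the count indexes into */
} instrument_t;

/* Clamp the file-supplied count to what the array can actually hold. */
static size_t clamp_loop_count(const instrument_t *inst)
{
    if (inst->loop_count <= 0)
        return 0;
    if ((size_t) inst->loop_count > ARRAY_LEN(inst->loops))
        return ARRAY_LEN(inst->loops);
    return (size_t) inst->loop_count;
}

/* Copy loop start/end pairs into out[]; returns the number of loops written.
 * Iterating up to inst->loop_count directly would be the over-read. */
static size_t write_loops(const instrument_t *inst, uint32_t *out, size_t out_words)
{
    size_t n = clamp_loop_count(inst);
    size_t written = 0;

    for (size_t i = 0; i < n && 2 * (i + 1) <= out_words; i++) {
        out[2 * i]     = inst->loops[i].start;
        out[2 * i + 1] = inst->loops[i].end;
        written++;
    }
    return written;
}

int main(void)
{
    instrument_t inst = { .loop_count = 1000 };   /* constructed oversized count */
    uint32_t out[64];

    inst.loops[15].end = 42;
    printf("wrote %zu loops\n", write_loops(&inst, out, ARRAY_LEN(out)));
    return 0;
}
```

The bound is derived from the array itself with `ARRAY_LEN`, so it stays correct if the array size changes, and negative counts are rejected rather than converted to a large unsigned value.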