Description
When libaudiofile is used to change both the number of channels of an
audio file (e.g. from stereo to mono) and the sample format (e.g. from
16-bit samples to 8-bit samples), the output file will contain corrupted
data. If the new sample format is smaller than the old one, there is a
risk of buffer overflow: e.g. when the input file has 16-bit samples and
the output file has 8-bit samples, afReadFrames will treat the buffer to
read the samples (argument void *data) as a pointer to int16_t instead of
int8_t, therefore it will write past its end (CVE-2015-7747).