libsndfile through 1.2.2 has an oggvorbis.c vorbisanalysis_wrote out-of-bounds read.
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52166.json"