In libsndfile version 1.0.28, an error in the "aiff_read_chanmap" function can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.