https://marc.info/?l=oss-security&m=167571683504082&w=2

Index: src/aiff.c
--- src/aiff.c.orig
+++ src/aiff.c
@@ -619,6 +619,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
            At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
            Sorry, the AIFF format does not provide for an indefinite
            number of samples. */
+        if (ft->signal.channels >= (0x7f000000 / (ft->encoding.bits_per_sample >> 3)))
+        {
+                lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF header");
+                return SOX_EOF;
+        }
         return(aiffwriteheader(ft, (uint64_t) 0x7f000000 / ((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
 }