https://marc.info/?l=oss-security&m=167571683504082&w=2

Index: src/formats.c
--- src/formats.c.orig
+++ src/formats.c
@@ -360,7 +360,7 @@ static int sox_checkformat(sox_format_t * ft)
   return SOX_SUCCESS;
 }
 
-static sox_bool is_url(char const * text) /* detects only wget-supported URLs */
+static sox_bool is_url(char const * text)
 {
   return !(
       strncasecmp(text, "http:" , (size_t)5) &&
@@ -442,7 +442,7 @@ static FILE * xfopen(char const * identifier, char con
   else if (is_url(identifier)) {
     FILE * f = NULL;
 #ifdef HAVE_POPEN
-    char const * const command_format = "wget --no-check-certificate -q -O- \"%s\"";
+    char const * const command_format = "ftp -a -V -o - \"%s\"";
     char * command = lsx_malloc(strlen(command_format) + strlen(identifier));
     sprintf(command, command_format, identifier);
     f = popen(command, POPEN_MODE);
@@ -627,6 +627,7 @@ error:
   free(ft->priv);
   free(ft->filename);
   free(ft->filetype);
+  sox_delete_comments(&ft->oob.comments);
   free(ft);
   return NULL;
 }