In lsx_aiffstartread in aiff.c in Sound eXchange 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.