The startread function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted wav file.