* audiofile: Heap-based buffer overflow in Expand3To4Module::run() when
running sfconvert (CVE-2018-17095)
* audiofile: NULL pointer dereference in ModuleState::setup() in
modules/ModuleState.cpp allows for denial of service via crafted file
(CVE-2018-13440)
--