An issue has been found in libsamplerate, an audio sample rate conversion library. Using a crafted audio file a buffer over-read might happen in calc_output_single() in src_sinc.c.
For Debian 8 jessie, these problems have been fixed in version 0.1.8-8+deb8u1.
We recommend that you upgrade your libsamplerate packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/