An out-of-bounds write was discovered when processing Vorbis audio data.
If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146)
Refer to Ubuntu advisory USN-3599-1 for affected packages and patching details, or update with your package manager.
Following are links for downloading patches to fix the vulnerabilities: