CVE Catalog

CVE-2026-36907

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A stack overflow vulnerability in the AP4_StsdAtom::AP4_StsdAtom component of Bento4 before version 1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Risk Assessment

The risk is that an attacker can remotely crash an application using Bento4 by sending a malicious MP4 file, potentially disrupting service availability.

Recommendation

It is recommended to immediately upgrade Bento4 to version 1.8.9 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS