CVE-2026-36908
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
A stack overflow vulnerability was found in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of Bento4 before version 1.8.9. Attackers can exploit this by providing a crafted MP4 file, causing a Denial of Service (DoS).
Risk Assessment
The organization is at risk of DoS attacks that can disrupt applications using Bento4 for MP4 file processing, potentially leading to service unavailability.
Recommendation
Immediately update Bento4 to version 1.8.9 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

