CVE Catalog
CVE-2026-36907
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.17%
7th percentile — higher than 7% of all known CVEs
Summary
A stack overflow vulnerability in the AP4_StsdAtom::AP4_StsdAtom component of Bento4 before version 1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Risk Assessment
The risk is that an attacker can remotely crash an application using Bento4 by sending a malicious MP4 file, potentially disrupting service availability.
Recommendation
It is recommended to immediately upgrade Bento4 to version 1.8.9 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

