CVE Catalog

CVE-2026-36908

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A stack overflow vulnerability was found in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of Bento4 before version 1.8.9. Attackers can exploit this by providing a crafted MP4 file, causing a Denial of Service (DoS).

Risk Assessment

The organization is at risk of DoS attacks that can disrupt applications using Bento4 for MP4 file processing, potentially leading to service unavailability.

Recommendation

Immediately update Bento4 to version 1.8.9 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS