Bento4

This hub aggregates every CVE we track for Bento4, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Bento4.

• CVE-2026-5236Axiomatic Bento4 DSI v1 Ap4Dac4Atom.cpp SkipBits heap-based overflow5.3Mar 31, 2026
• CVE-2026-5235Axiomatic Bento4 MP4 File Ap4Dac4Atom.cpp ReadCache heap-based overflow5.3Mar 31, 2026
• CVE-2025-8537Axiomatic Bento4 mp4decrypt Mp4Decrypt.cpp SetDataSize allocation of resources3.7Aug 5, 2025
• CVE-2025-25943Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.7.8Feb 19, 2025
• CVE-2025-25942An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArr...6.5Feb 19, 2025
• CVE-2025-25946An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Proc...5.5Feb 19, 2025
• CVE-2025-25944Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fr...7.3Feb 19, 2025
• CVE-2025-25945An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp.6.5Feb 19, 2025
• CVE-2025-25947An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially cr...5.5Feb 19, 2025
• CVE-2024-57598A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of servic...6.5Feb 5, 2025
• CVE-2025-0870Axiomatic Bento4 Ap4DataBuffer.h GetData heap-based overflow5.6Jan 30, 2025
• CVE-2025-0753Axiomatic Bento4 mp42aac ReadPartial heap-based overflow6.3Jan 27, 2025
• CVE-2025-0751Axiomatic Bento4 mp42aac ReadBits heap-based overflow6.3Jan 27, 2025
• CVE-2024-31002Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.9.8Apr 2, 2024
• CVE-2024-31004An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.9.8Apr 2, 2024