Bento4 is a C class library and tool for reading and writing ISO-MP4 files. A null pointer dereference vulnerability exists in the AP4_DescriptorFinder::Test component in /Core/Ap4Descriptor.h in Bento4 1.6.0-636 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service.