Bento4 is an open source C library for reading and writing MP4 files. Bento4 version 1.6.0-639 contains a denial-of-service vulnerability that originates in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream* &) in System/StdC/Ap4StdCFileByteStream.cpp. FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream* &) function in System/StdC/Ap4StdCFileByteStream.cpp does not release or fails to release dynamically allocated heap memory, an attacker can exploit the vulnerability to cause a denial of service attack.