Bento4 is an open source C library for reading and writing MP4 files. Bento4 v1.6.0-639 contains a denial of service vulnerability that stems from a boundary error in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts when handling untrusted input. An attacker could exploit the vulnerability to launch a denial-of-service attack.