Bento4 is an open source C library for reading and writing MP4 files.Bento4 v1.6.0-639 contains a denial of service vulnerability that originates in AP4_DescriptorFactory:.CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp: CreateDescriptorFromStream is not freed or fails to free dynamically allocated heap memory, an attacker can exploit the vulnerability to cause a denial of service.