Bento4 is an open source C library for reading and writing MP4 files. Bento4 version 1.6.0-639 suffers from a denial-of-service vulnerability that stems from AP4_CttsAtom::Create in its Core/Ap4CttsAtom.cpp component, which may consume too much memory. An attacker could exploit the vulnerability to cause the program to crash.