CVE-2026-5236

What is affected: Axiomatic Bento4 up to 1.6.0-641, specifically the DSI v1 Parser’s file Ap4Dac4Atom.cpp. Root cause: the AP4_BitReader::SkipBits function can be manipulated via the n_presentations argument, causing a heap-based buffer overflow. Impact: a local attack with potential heap corrupt...

Bento4 安全漏洞

Bento4 is an open-source C++ library developed by Axiomatic Systems for reading and writing MP4 files. Versions of Bento4 prior to 1.6.0-641 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of the parameter npresentations in the AP4BitReader::SkipBits...