CVE-2026-36907

Vulnerability Description

A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

References

https://github.com/Aleksoid1978/MPC-BE/issues/1005
https://github.com/axiomatic-systems/Bento4/issues/614

FAQ

What is CVE-2026-36907?

CVE-2026-36907 is a documented vulnerability. A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

How severe is CVE-2026-36907?

CVSS scoring is not yet available for CVE-2026-36907. Check NVD for updates.

Is there a patch for CVE-2026-36907?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.