CVE-2026-5235
Heap-Based Buffer Overflow in Axiomatic Bento4 MP4 Parser
Publication date: 2026-03-31
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axiomatic | bento4 | up to 1.6.0-641 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Axiomatic Bento4 up to version 1.6.0-641, specifically in the function AP4_BitReader::ReadCache within the file Ap4Dac4Atom.cpp of the MP4 File Parser component.
It is a heap-based buffer overflow caused by improper manipulation in that function.
The attack must be launched locally, meaning an attacker needs local access to exploit it.
The vulnerability has been publicly disclosed and may be exploited.
How can this vulnerability impact me?
This heap-based buffer overflow vulnerability can potentially allow an attacker with local access to cause unexpected behavior in the affected software.
Such behavior might include crashes, data corruption, or possibly execution of arbitrary code depending on the exploit.
However, the CVSS scores indicate a relatively low to moderate severity, suggesting limited impact or complexity in exploitation.