CVE-2026-5236 | Axiomatic Bento4 up to 1.6.0-641 DSI v1 Parser Ap4Dac4Atom.cpp AP4_BitReader::SkipBits n_presentations heap-based overflow (Issue 1059)

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641 and classified as critical. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow.

This vulnerability is documented as CVE-2026-5236. The attack needs to be performed locally. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More