Axiomatic · Bento4 · CVE-2025-0870
**Name of the Vulnerable Software and Affected Versions**
Axiomatic Bento4 versions up to 1.6.0-641
**Description**
The issue affects the function `AP4_DataBuffer::GetData` in the file `Ap4DataBuffer.h` and leads to a heap-based buffer overflow. The attack can be launched remotely, but its complexity is rather high and exploitation is known to be difficult. The product uses a rolling release for continuous delivery, so no specific version details for affected or updated releases are available.
**Recommendations**
Axiomatic Bento4 versions up to 1.6.0-641: Update to a version later than 1.6.0-641, or apply a patch that fixes the `AP4_DataBuffer::GetData` function in `Ap4DataBuffer.h` to prevent the heap-based buffer overflow.