Name of the Vulnerable Software and Affected Versions:

Axiomatic Bento4 versions up to 1.6.0-641

Description:

A problematic issue exists in the `mp4decrypt` component, specifically within the `AP4 DataBuffer::SetDataSize` function of the `Mp4Decrypt.cpp` file. This issue leads to resource allocation. The attack can be launched remotely, but is considered difficult to exploit. The exploit has been publicly disclosed.

Recommendations:

Update to a version of Axiomatic Bento4 newer than 1.6.0-641.