CVE-2025-25942

Name of the Vulnerable Software and Affected Versions Bento4 version 1.6.0-641

Description An issue in Bento4 allows an attacker to obtain sensitive information via the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released.

Recommendations For Bento4 version 1.6.0-641, consider disabling the mp4fragment tool until a patch is available to prevent potential exploitation. Additionally, restrict access to the Mp4Fragment.cpp module to minimize the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.