CVE-2025-25947

Name of the Vulnerable Software and Affected Versions Bento4 version 1.6.0-641

Description An issue in Bento4 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4 AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file.

Recommendations For Bento4 version 1.6.0-641, as a temporary workaround, consider disabling the AP4 AtomParent::RemoveChild function until a patch is available. Restrict access to the Ap4Atom.cpp module to minimize the risk of exploitation. Avoid using specially crafted MP4 input files in the affected mp4encrypt function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.