Impact
The vulnerability is a stack overflow triggered by a crafted MP4 file through the AP4_Array<AP4. The overflow can corrupt the stack, causing the media processing library to crash and resulting in a denial of service. This is a classic stack‑based buffer overflow weakness (CWE‑120). There is no information indicating that the overflow leads to code execution or data disclosure, so the primary effect is service interruption.
Affected Systems
The Bento4 component from axiomatic‑systems, in versions before 1.8.9, as used in media handling applications. Any software that incorporates this library to parse or write MP4 files is potentially affected.
Risk and Exploitability
The exact CVSS score is not published, and EPSS data is unavailable; however, a stack overflow that causes a crash is inherently high risk for availability. Exploitation requires an attacker to supply a malicious MP4 file to an application that uses the vulnerable library, which could be achieved remotely if the application accepts such files over a network, or locally otherwise. Because the flaw leads to a DoS rather than sensitive data compromise or remote code execution, the exploitation probability is considered high for DoS, but the impact is limited to service availability.