Bento4 is an open source C library for reading and writing MP4 files. Bento4 v1.6.0-639 contains a denial of service vulnerability that stems from a memory leak in the AP4_SttsAtom::Create method of the mp42hls component. An attacker could exploit the vulnerability to cause a denial of service.