Bento4 is an open source C library for reading and writing MP4 files. bento4 v1.6.0-639 is vulnerable to a buffer error, which stems from a heap overflow in the AP4_Atom::TypeFromString function of the mp4tag component, which could be exploited by an attacker to affect the confidentiality, integrity or availability of the system.