Bento4 is an open-source C library for reading and writing MP4 files. Version v1.6.0-639 of Bento4 contains a buffer overflow vulnerability caused by a heap overflow in the AP4_BitReader::ReadBits function of the mp4mux component. An attacker could exploit the vulnerability to affect the confidentiality, integrity, or availability of the system.