Bento4

by Axiomatic Systems, LLC.v1.6.0-641

Last updated Jun 8, 2026

A fast, modern, open source C++ toolkit for all your MP4 and DASH/HLS/CMAF media format needs.

Install with winget

$ winget install --id AxiomaticSystems.Bento4 --exact --version 1.6.0-641

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Bento4 is a C++ class library and tools designed to read and write ISO-MP4 files. This format is defined in international specifications ISO/IEC 14496-12, 14496-14 and 14496-15. The format is a derivative of the Apple Quicktime file format, so Bento4 can be used to read and write most Quicktime files as well. In addition to supporting ISO-MP4, Bento4 includes support for parsing and multiplexing H.264 and H.265 elementary streams, converting ISO-MP4 to MPEG2-TS, packaging HLS and MPEG-DASH, CMAF, content encryption, decryption, and much more.

Features

A number of formats and features based on the ISO-MP4 format and related technologies are also supported, including:

- MPEG DASH with fragmented MP4 files, as defined in the international specification ISO/IEC 23009-1

- HLS with TS or MP4 segments (dual DASH/HLS output), as defined in RFC 8216

- CMAF (Common Media Application Format) as defined in ISO/IEC 23000-19

- MPEG Common Encryption (CENC) as specified in the international specification ISO/IEC 23001-7

- PIFF (Protected Interoperable File Format), and encrypted, fragmented MP4 format specified by Microsoft and used for encrypted HTTP Smooth Streaming.

- Reading and writing 3GPP and iTunes-compatible metadata.

- ISMA Encrytion and Decryption as defined in the ISMA E&A specification

- OMA 2.0 and 2.1 DCF/PDCF Encryption and Decryption as defined in the OMA specifications.

- ISO-MP4 files profiled as part of the 3GPP family of standards.

- The UltraViolet (DECE) CFF (Common File Format).

- Parsing and multiplexing of H.264 (AVC) video and AAC audio elementary streams

- Support for multiple DRM systems that are compatible with MP4-formatted content (usually leveraging CENC Common Encryption), such as Marlin, PlayReady, Widevine, FairPlay and Adobe Access.

- Support for a wide range of codecs, including H.264 (AVC), H.265 (HEVC), AAC, HE-AAC, xHE-AAC, AC3 and eAC3 (Dolby Digital), AC4, Dolby Atmos, DTS, ALAC, and many more.

- Support for Dolby Vision and HDR.

The SDK is designed to be cross-platform. The code is very portable; it can be compiled with any sufficiently modern C++ compiler. The implementation does not rely on any external library. All the code necessary to compile the SDK and tools is included in the standard distribution. The standard distribution contains makefiles for unix-like operating systems, including Linux and Android, project files for Microsoft Visual Studio, and an XCode project for MacOS X and iOS. There is also support for building the library with the SCons build system as well as CMake.

Installers · v1.6.0-641

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

low3.7Fix availableCVE-2025-8537affects <=1.6.0-641Aug 4, 2025
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to...
medium5.5Fix availableCVE-2025-25947affects v1.6.0-641Feb 19, 2025
An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file.
Vendor advisory
medium5.5Fix availableCVE-2025-25946affects v1.6.0-641Feb 19, 2025
An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file.
Vendor advisory
medium6.5Fix availableCVE-2025-25945affects v1.6.0-641Feb 19, 2025
An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp.
Vendor advisory
high7.3Fix availableCVE-2025-25944affects v1.6.0-641Feb 19, 2025
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file.
Vendor advisory
high7.8Fix availableCVE-2025-25943affects v1.6.0-641Feb 19, 2025
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.
Vendor advisory
medium6.5Fix availableCVE-2025-25942affects v1.6.0-641Feb 19, 2025
An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released.
Vendor advisory
medium6.5Fix availableCVE-2024-57598affects v1.6.0-641Feb 5, 2025
A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.

Showing 8 of 25. Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Microsoft TeamsMicrosoft Corporation
Microsoft.Teamsv26134.1702.4747.7366
Collaborate more effectively with a faster, simpler, smarter, and more flexible Teams.
FFmpegGyan
Gyan.FFmpegv8.1.1
A complete, cross-platform solution to record, convert and stream audio and video.
yt-dlpyt-dlp
yt-dlp.yt-dlpv2026.06.09
A feature-rich command-line audio/video downloader.
CapCutBytedance Pte. Ltd.
ByteDance.CapCutv8.7.0.3685
A video editing tool packed with features on your desktop or laptop
VLC media playerVideoLAN
VideoLAN.VLCv3.0.23
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files, and various streaming protocols.
Wondershare FilmoraWondershare Software
Wondershare.Filmorav15.5.3.19727
An intuitive video editor for every skill level.

More from Axiomatic Systems, LLC. or browse media, mp4, quicktime.

Frequently asked questions

How do I install Bento4 on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id AxiomaticSystems.Bento4 --exact --version 1.6.0-641. winget downloads the installer from Axiomatic Systems, LLC. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Bento4 silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id AxiomaticSystems.Bento4 --exact 1.6.0-641 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Bento4 via winget?

Run: winget uninstall --id AxiomaticSystems.Bento4 --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Bento4's Apps & Features entry.

Is Bento4 free?

Bento4 is distributed under Freeware. Refer to the publisher (https://www.bento4.com/downloads/) for the full license terms - Wingetly itself does not charge for installation.

Does Bento4 work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Bento4 directly from the publisher.

How do I keep Bento4 up to date?

Run winget upgrade --id AxiomaticSystems.Bento4 --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of Bento4 from microsoft/winget-pkgs.