When the attached file is uploaded and a preview is generated (e.g. in the folder overview of the files app), the PHP process allocates a very large amount of memory (on my machine it was shortly around 5 GByte) and CPU.
Tested with latest master (1366b35081f1d92429787696f4175c19a602858a) on Ubuntu 20.04 (php7.4-fpm). Option “memory_limit” is set to 512M.
An attacker can cause a denial of service by uploading lots of such files which will cause the server to allocate too much memory / CPU.