FFmpeg is vulnerable to denial of service (DoS) attacks. These attacks are possible because FFmpeg does not check for an EOF (End of File) in the rl2_read_header()
function of libavformat/rl2.c
. This leads to high CPU and memory consumption when a malicious RL2 file with a large frame_count
field in the header but without sufficient backing data is input.