FFmpeg is vulnerable to denial of service (DoS) attacks. These attacks are possible because FFmpeg does not check for an EOF (End of File) in the asf_read_marker()
function. This leads to high CPU and memory consumption when a malicious ASF file with a large name_len
or count
field in the header but without sufficient backing data is input.