The user is not free to use whatever codec they want. Many niche codecs can't be put into the usual containers, so if you only accept QuickTime/MP4 and AVI, sometimes even just by limiting the file extension, those codecs can't be used.
If your service works by taking whatever file the user gives you and shoving it into unsandboxed ffmpeg, you've already fucked up. It would be nice if you could do that, but that's not a guarantee ffmpeg has ever provided, nor would it make sense for them to spend their limited resources on it.
> If your service works by taking whatever file the user gives you and shoving it into unsandboxed ffmpeg, you've already fucked up.
Isn't that what fuzzing and input validation is about? Most bugs presented in article suggest failures in the latter.