diff --git a/rtcp/src/error.rs b/rtcp/src/error.rs
index d46487904..8e0e49838 100644
--- a/rtcp/src/error.rs
+++ b/rtcp/src/error.rs
@@ -96,6 +96,8 @@ pub enum Error {
     BadStructMemberType,
     #[error("Cannot read into non-pointer")]
     BadReadParameter,
+    #[error("Invalid block size")]
+    InvalidBlockSize,
 
     #[error("{0}")]
     Util(#[from] util::Error),
diff --git a/rtcp/src/extended_report/dlrr.rs b/rtcp/src/extended_report/dlrr.rs
index 0d24f5d12..e83c70a31 100644
--- a/rtcp/src/extended_report/dlrr.rs
+++ b/rtcp/src/extended_report/dlrr.rs
@@ -123,7 +123,10 @@ impl Unmarshal for DLRRReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if block_length % DLRR_REPORT_LENGTH != 0 || raw_packet.remaining() < block_length as usize
         {
             return Err(error::Error::PacketTooShort.into());
diff --git a/rtcp/src/extended_report/prt.rs b/rtcp/src/extended_report/prt.rs
index 9c3383b9b..feb40e09c 100644
--- a/rtcp/src/extended_report/prt.rs
+++ b/rtcp/src/extended_report/prt.rs
@@ -118,7 +118,10 @@ impl Unmarshal for PacketReceiptTimesReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if block_length < PRT_REPORT_BLOCK_MIN_LENGTH
             || (block_length - PRT_REPORT_BLOCK_MIN_LENGTH) % 4 != 0
             || raw_packet.remaining() < block_length as usize
diff --git a/rtcp/src/extended_report/rle.rs b/rtcp/src/extended_report/rle.rs
index 6677bb7c0..6fcc14700 100644
--- a/rtcp/src/extended_report/rle.rs
+++ b/rtcp/src/extended_report/rle.rs
@@ -210,7 +210,10 @@ impl Unmarshal for RLEReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if block_length < RLE_REPORT_BLOCK_MIN_LENGTH
             || (block_length - RLE_REPORT_BLOCK_MIN_LENGTH) % 2 != 0
             || raw_packet.remaining() < block_length as usize
diff --git a/rtcp/src/extended_report/rrt.rs b/rtcp/src/extended_report/rrt.rs
index 8c069f595..c772788fd 100644
--- a/rtcp/src/extended_report/rrt.rs
+++ b/rtcp/src/extended_report/rrt.rs
@@ -98,7 +98,10 @@ impl Unmarshal for ReceiverReferenceTimeReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if block_length != RRT_REPORT_BLOCK_LENGTH || raw_packet.remaining() < block_length as usize
         {
             return Err(error::Error::PacketTooShort.into());
diff --git a/rtcp/src/extended_report/ssr.rs b/rtcp/src/extended_report/ssr.rs
index c1ee62bf5..e3ed69fef 100644
--- a/rtcp/src/extended_report/ssr.rs
+++ b/rtcp/src/extended_report/ssr.rs
@@ -186,7 +186,10 @@ impl Unmarshal for StatisticsSummaryReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if block_length != SSR_REPORT_BLOCK_LENGTH || raw_packet.remaining() < block_length as usize
         {
             return Err(error::Error::PacketTooShort.into());
diff --git a/rtcp/src/extended_report/unknown.rs b/rtcp/src/extended_report/unknown.rs
index 7243b1e4b..1242a767a 100644
--- a/rtcp/src/extended_report/unknown.rs
+++ b/rtcp/src/extended_report/unknown.rs
@@ -83,7 +83,10 @@ impl Unmarshal for UnknownReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if raw_packet.remaining() < block_length as usize {
             return Err(error::Error::PacketTooShort.into());
         }
diff --git a/rtcp/src/extended_report/vm.rs b/rtcp/src/extended_report/vm.rs
index 834fea223..355f35258 100644
--- a/rtcp/src/extended_report/vm.rs
+++ b/rtcp/src/extended_report/vm.rs
@@ -149,7 +149,10 @@ impl Unmarshal for VoIPMetricsReportBlock {
         }
 
         let xr_header = XRHeader::unmarshal(raw_packet)?;
-        let block_length = xr_header.block_length * 4;
+        let block_length = match xr_header.block_length.checked_mul(4) {
+            Some(length) => length,
+            None => return Err(error::Error::InvalidBlockSize.into()),
+        };
         if block_length != VM_REPORT_BLOCK_LENGTH || raw_packet.remaining() < block_length as usize
         {
             return Err(error::Error::PacketTooShort.into());