Isn’t there an issue with webp where it could potentially run arbitrary code?
I actually held a presentation on it, yeah! It wasn’t really a webp problem, but an issue in the image decoder library which was used in basically… everything to open Webp. What happened was that you could tell the OS to build a super bad (Huffman Tree, which in turn led to the decoding not fitting in the allocated memory space and overflowing.