Image handling vulnerabilities

Notice how there's never vulns with decoding PCM sound files.  Why?  Because PCM is easy.

The more complex a file format, the harder it is to get right.  Packetized streams like MPEG
and AVI are outrageously complex to decode and process.  It requires huge amounts of code with
non-trivial stateful interaction between components.

I'm not sure it's even possible to thoroughly verify a zip archive, much less an MPEG stream!