>he uses Google botnet file formats
https://www.rapid7.com/db/search?q=CVE-2015-4486
>2015
>>62490138
>>62490151
>I don't know how security works
>>62490264
You don't obviously, because CVEs have the year they were published in their fucking identifier.
A buffer overflow exploit is fully at fault of the developers making the decoder, and if you want to grasp at straws you can go on and blame using unsafe languages like C/C++.
Has nothing to do with the file format spec.
>>62490138
Find me a usable video format without vulns, let alone a free one. Basically impossible to have software as complex as a video codec without introducing bugs. If you're concerned about libvpx specifically, ffmpeg has their own decoder implementation.
I really couldn't give a toss about WebP though, JPEG just werks even though it's had it's own vulns over the years.
>>62490138
>unironically advocating .gif and .mp4
fucking leave OP