I remember stories from 20 years ago, about mplayer having security issues. These were supposedly used by people connected to the music industry to hack on people that were downloading music illegally. It felt very much as scaremongering, I didn't hear much of a followup.

In this age of video and especially video on the web, the added complexity might have accounted for even more security issues in decoders.