Stagefright was one of 2015’s most newsworthy BWAINs (Bugs with an Impressive Name): a security hole, or more accurately a cluster of holes, in Android’s libstagefright multimedia software component.
Multimedia objects such as images, video and audio are often stored in files with complex formats.
That, in turn, means lots of clever programming to read them in, decode them, decompress them into memory and prepare them for display.
And, as you probably know only too well, the more complex a program gets; the more calculations it needs to do based on numbers extracted from untrusted files; the more it needs to mess around allocating and deallocating memory and shuffling data between memory buffers…
…the more likely it is that some sort of buffer overflow or integer overflow bug will show up.