gstreamer-plugins-bad includes a NES 6502 emulator, which was vulnerable to RCE.

Review of many different software vulnerabilities caused by obscure undertested (mis-)features.

A modern web browser is the software equivalent of Gabriel’s Horn. Finite volume, but infinite attack surface.