Your problem isn't the quality of your own code, it's that Google exists and is unable to stop their employees from doing stupid things like inventing WebP, because now you need to support WebP too which means using their code to do it.
(Worse, WebP is at least two completely different formats - the lossless mode has nothing to do with the lossy mode.)
a) Google should be doing that in a memory safe language, kinda nuts that they haven't started doing that already
b) Apple could definitely write their own? Unless I'm missing something crazy here, it seems like they could burn 8 figures and just have their own implementations that are safe
They already did - WebP added a lossless mode and VP8 was updated to VP9.
Though the same may happen to JPEG; it always had 10-bit and 12-bit modes but most decoders don't support them. (Not sure if they can decode it as 8-bit or not.)
I think Apple should either sandbox or reimplement even the most complex formats. Video formats might be painfully complex to implement, but to avoid zero-click you don't even need to safeguard the whole process. You stop autoplaying and you ensure the safety of the parts that parse the metadata/thumbnails required to show the preview. Then worst case you have at least a 1-click threat when someone plays the video which then calls into some 3rd party code.
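Added example, not part of the thread: a header-only WebP probe in Rust, illustrating the comment above about safeguarding just the metadata parsing a preview needs, and showing that lossy (`VP8 `), lossless (`VP8L`) and extended (`VP8X`) files each need their own header handling. The names `probe_webp`, `Kind`, `le` and the `MAX_DIM` cap are assumptions of this example, and the sample bytes are constructed.

```rust
// Added example (not from the thread): header-only WebP probe, no pixel decoding.
#[derive(Debug, PartialEq)]
pub enum Kind { Lossy, Lossless, Extended } // "VP8 ", "VP8L", "VP8X" chunks

// Preview policy cap; the value is an assumption of this example.
const MAX_DIM: u32 = 16_384;

// Read n (<= 4) little-endian bytes at `at`; None if out of bounds.
fn le(b: &[u8], at: usize, n: usize) -> Option<u32> {
    let s = b.get(at..at.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u32, |acc, &x| (acc << 8) | u32::from(x)))
}

// Returns (kind, width, height), or None for anything malformed or oversized.
pub fn probe_webp(buf: &[u8]) -> Option<(Kind, u32, u32)> {
    if buf.get(0..4)? != b"RIFF" || buf.get(8..12)? != b"WEBP" {
        return None;
    }
    // Never trust the declared chunk size: the payload must fit in the buffer.
    let len = le(buf, 16, 4)? as usize;
    let p = buf.get(20..20usize.checked_add(len)?)?;
    let (kind, w, h) = match buf.get(12..16)? {
        b"VP8 " => {
            // Lossy: frame tag (bit 0 clear = keyframe), start code, 14-bit sizes.
            if le(p, 0, 1)? & 1 != 0 || p.get(3..6)? != b"\x9d\x01\x2a" {
                return None;
            }
            (Kind::Lossy, le(p, 6, 2)? & 0x3fff, le(p, 8, 2)? & 0x3fff)
        }
        b"VP8L" => {
            // Lossless: 0x2f, width-1 and height-1 (14 bits each), alpha, version 0.
            let bits = le(p, 1, 4)?;
            if p[0] != 0x2f || bits >> 29 != 0 {
                return None;
            }
            (Kind::Lossless, (bits & 0x3fff) + 1, ((bits >> 14) & 0x3fff) + 1)
        }
        // Extended: flags byte, 3 reserved bytes, 24-bit canvas width-1/height-1.
        b"VP8X" => (Kind::Extended, le(p, 4, 3)? + 1, le(p, 7, 3)? + 1),
        _ => return None,
    };
    if w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM {
        return None;
    }
    Some((kind, w, h))
}

fn main() {
    let sample = b"RIFF\0\0\0\0WEBPVP8L\x05\0\0\0\x2f\x01\x80\0\0"; // constructed 2x3 header
    println!("{:?}", probe_webp(sample));
}
```

Every read goes through `get` with a checked range, so a truncated file or an inflated chunk size yields `None` instead of an out-of-bounds access.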