They wouldn't necessarily even have to get you to click on a link. There have been numerous attacks against image processing libraries.