by lern_too_spel 157 days ago
> Nothing will save you here except switching off showing pictures

Or having a trustable image decoder, which is what web browsers actually do. This is a basic requirement that you are proposing to do away with by instead not showing images at all.

1 comments

> trustable image decoder

This may never exist, since all software has bugs. Instead, you can isolate opening your pictures into a different VM, keeping this VM safe.

> what web browsers actually do

Haven't we seen related vulnerabilities?

> This may never exist

It's existed for years. https://chromium.googlesource.com/chromium/src/+/HEAD/third_...

Similarly, the JPEG XL decoder Chromium integrated is written in Rust, eliminating large classes of exploitable errors.

> Haven't we seen related vulnerabilities?

Repeatedly. That's why browser vendors are careful about adding new image decoders, and no, Qubes does not solve the problem.