It’s a form of buffer overflow attack.

Basically, a specially designed image file encoded using webp could cause the computer trying to decode the image to keep writing past the end of the allocated memory buffer, which has protections to prevent exploits, into memory spaces that doesn’t have that protection

Once your in that unprotected space, you can then start writing code instructions that the operating system will execute, such as changing access permissions to allow the hacker access.

That make sense?