When I was doing virus research we were forever getting reports of malware hidden in graphics files. Aside from the fact that it is trivially easy to embed anything in a Microsoft OLE format file, we generally found that such reports were unfounded: it's just not that easy to put malware into graphics. (Not impossible, mind, just not that easy.)
Turns out that a combination of poor fax protocols (made at a time when fax machines had no other functions) plus the implementation of fax into machines that are computerized mean that you can now craft malicious fax transmissions that will compromise a fax machine. And, possibly, the network to which it is connected.
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
Reminds me of a proof of concept I read once where copy machines were exploited through a poorly secured process that was designed to send maintenance and supply information to the vendor. The technical details were interesting but I found the scenario business case interesting as well.
Company X and Company Y are in competition for a lucrative contract. Both have proposals to the potential customer in the near future. Y exploits the vulnerability in X's copy machine weeks prior to the proposal and programs it to secretly forward digital copies of whatever is scanned by X's machine to Y's proposal development team as valuable intelligence. Then, to further sabotage their victim, Y inserts code to cause X's machine to overheat, begin smoking, and set off the fire sprinklers thereby causing X to miss their proposal.