But media files that exploit parsers is the bigger issue. Errors in parsing have allowed for code execution, etc, in whatever context the parser runs; look into Stagefright and the many similar exploits before and after. Accepting media files from anywhere without user interaction is pretty risky. WhatsApp has a media file sanitizer, but it may not catch everything.
Disclosure: I worked at WhatsApp until 2019; but not on the media file sanitizer.
If the file is placed in your phone's media folder, it may be displayed when you use media features on your phone. It may also be processed automatically by other software; maybe to generate a thumbnail for use in the system media view or other reasons.
But media files that exploit parsers is the bigger issue. Errors in parsing have allowed for code execution, etc, in whatever context the parser runs; look into Stagefright and the many similar exploits before and after. Accepting media files from anywhere without user interaction is pretty risky. WhatsApp has a media file sanitizer, but it may not catch everything.
Disclosure: I worked at WhatsApp until 2019; but not on the media file sanitizer.