I think libmagic (the file util) might be a good target for this. I think it had security issues in the past and considering how it contains a gazillion random parsers for weird file formats, surely there is a good chance there are some more. But nobody would ever run file on a random file you just downloaded, would you? ;)
Yeah, something like that would probably be quite good. That said, I think even if you do have a nice memory-safe implementation of libmagic/file, it's probably a good idea to still use seccomp/namespacing/etc. to jail it when using it in security-critical contexts. Those features don't really incur much cost so it's a free extra layer of security, and you still get the robustness bonus of guaranteed memory safety.
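The seccomp jail suggested in the comment above, sketched as an added example that is not code from the thread or from libmagic. It assumes Linux with seccomp filter support; `toy_detect`, `enter_jail` and `jailed_detect` are hypothetical names, and the toy ELF check stands in for the real parser.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Hypothetical stand-in for an untrusted parser such as libmagic: 1 = ELF, 0 = other. */
static int toy_detect(const unsigned char *b, size_t n) {
    return n >= 4 && memcmp(b, "\x7f" "ELF", 4) == 0;
}

/* Allowlist exit/exit_group only; any other syscall kills the caller with SIGSYS.
   A production filter should also check seccomp_data.arch. Returns 0 on success. */
static int enter_jail(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Parse buf in a forked, jailed child: 0/1 verdict, or -1 (fail closed) on jail failure or a killed child. */
int jailed_detect(const unsigned char *buf, size_t n, int misbehave) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (enter_jail() != 0) _exit(2);      /* never parse unjailed */
        if (misbehave) syscall(SYS_getppid);  /* simulates a hijacked parser leaving the allowlist */
        _exit(toy_detect(buf, n));            /* verdict travels back as the exit status */
    }
    int st;
    if (waitpid(pid, &st, 0) != pid) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) <= 1) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    const unsigned char elf[] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 }; /* constructed sample */
    printf("benign=%d hijacked=%d\n", jailed_detect(elf, sizeof elf, 0), jailed_detect(elf, sizeof elf, 1));
    return 0;
}
```

The parent reads the input before forking, so the jailed child needs no file or network syscalls at all, and anything other than a clean 0/1 exit is treated as a failed parse.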