After reading these, the jury is still out in regards to software? I will investigate this further?
Communication channels. https://en.wikipedia.org/wiki/HDMI#Communication_channelshttps://en.wikipedia.org/wiki/HDMI#HDMI_Ethernet_and_Audio_Return_Channelhttps://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
VGA and HDMI are not one-way; besides the main send-pictures functionality, there is some low-bandwidth bidirectional communication. This is how a computer can "know" that a new display was connected, and what resolution to use on that display. In the case of VGA, this was a backported feature (VGA displays from the early 1990s could not do that).
Theoretically, this could be exploited, if (and only if) there is some weakness in the receiving part (the display card and its driver). The protocol is not complex (no TCP/IP stack involved) so exploitable security holes should be rare.
Usually, a malicious display can do much more evil by simply logging a copy of everything that is displayed. For instance, I have an account in a bank, such that for online banking I "type" a password by clicking on semi-randomly located buttons. A screen logger grabs the password easily in such conditions (ironically, that system was meant to thwart keyloggers). Therefore, the usual wisdom is that if your display is malicious, then you already have bigger problems.
Note: some displays also double as a USB hub -- and weaknesses in USB protocols have been exploited (e.g. the "PS3 Jailbreak" from 2010). For common PC, the USB link is an extra plug, but these things may change. For instance, Apple computers now use the Thunderbolt interface which is fully bidirectional and uses a rather complex protocol, where security holes are quite plausible. https://security.stackexchange.com/questions/19007/vga-hdmi-based-attack
Image ports, like VGA, DVI and HDMI, are fully safe, as they cannot mount or send commands to the computer. They can send identification strings to the computer, like the manufacturer name of the screen and its supported rates and resolutions, but to actually compromise anything, the device would then need to take advantage of a exploit in the host computer like a buffer overflow or similar AND the monitor must be firmware-upgradeable over the image port, so the malicious payload can be installed.
Pretty unlikeably that the computer monitor would be firmware-upgradeable via its picture input AND you get a malware in the "bad" computer that supports infecting the monitor AND the "clean" computer is vulnerable (Buffer overflow or similar) to bad strings sent via the image port. https://security.stackexchange.com/questions/137308/is-it-possible-to-transfer-malware-viruses-through-a-kvm-switch-from-one-comput