tcpdump is risky because it parses (way, way) more protocols than your network stack does, and because tcpdump's parsers are tooling-grade code, not kernel network code.
I mean, yes, it's relatively more risky, but no, it's not risky enough for me to not do an occasional sudo tcpdump -X on an unconfigured machine in a problematic spot. The risk of me getting targeted by a tcpdump zero-day while diagnosing some UDP broadcast problem on a LAN is diminutively low. Your situation is likely very different.
No, I mean, I generally agree, it's not high on my list of threat vectors, but the general advice to be mindful about a giant memory-unsafe blob of tooling-grade protocol parsers written by hundreds of different people over 3 decades seems astute.