Heap-based buffer overflow in xnview.exe in XnView prior to 2.13 allows remote malicious users to execute arbitrary code via the biBitCount field in a BMP file.
xnview xnview