Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
http://www.securityfocus.com/bid/23312
http://www.securityfocus.com/archive/1/464726/100/0/threaded
http://securityreason.com/securityalert/2558