Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
https://www.exploit-db.com/exploits/3811
https://exchange.xforce.ibmcloud.com/vulnerabilities/33946
http://www.vupen.com/english/advisories/2007/1575