Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
http://www.securityfocus.com/bid/35423
http://www.irfanview.com/main_history.htm