Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-based buffer overflow.
https://exchange.xforce.ibmcloud.com/vulnerabilities/73242
http://www.securityfocus.com/bid/52047