XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."
https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914