Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.