CVE-2012-1197

Name of the Vulnerable Software and Affected Versions ACDSee version 14.1 Build 137

Description The issue is related to an integer overflow in the IDE ACDStd.apl module, which can be triggered by crafted "image dimension values" in a BMP file. This leads to a heap-based buffer overflow, allowing remote attackers to execute arbitrary code.

Recommendations For ACDSee version 14.1 Build 137, consider avoiding the use of the IDE ACDStd.apl module until a patch is available. As a temporary workaround, restrict the processing of BMP files with potentially crafted "image dimension values" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.