Core Security Technologies Advisory – Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85845/CORE-2009-1126.txt
Source: https://packetstormsecurity.com/files/85845/Core-Security-Technologies-Advisory-2009.1126.html