The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.