Launchpad.net

CVE 2016-8685

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.

See the CVE page on Mitre.org for more details.