The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.