wchar.c in libfpx 1.3.1_p6 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
libfpx project libfpx 1.3.1