Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbations. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.