A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened.
Poppler has a stack-based buffer overflow in GfxState.cc, which allows attackers to cause a denial of service (application crash) via a crafted PDF document.
Created mingw-poppler tracking bugs for this issue:
Affects: fedora-all [bug 1459068]
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1459067]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2551 https://access.redhat.com/errata/RHSA-2017:2551