FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
Reference:
https://research.loginsoft.com/vulnerability/stack-based-buffer-overflow-in-error-poppler-0-75-0/
https://gitlab.freedesktop.org/poppler/poppler/issues/752
Created poppler tracking bugs for this issue:
Affects: fedora-all [bug 1699863]
Upstream patch:
https://gitlab.freedesktop.org/aacid/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
This is really a stack-overflow due to an infinite loop and not really a stack-based overflow as suggested by the researcher. Also, based on the attack vector, this is really a borderline security flaw.