The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. References: https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842
Created xpdf tracking bugs for this issue: Affects: epel-all [bug 1578897]