A vulnerability was found in Poppler before 0.76.0 has an integer overflow in Parser::makeStream in Parser.cc. Reference: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
Created mingw-poppler tracking bugs for this issue: Affects: fedora-all [bug 1753852] Created poppler tracking bugs for this issue: Affects: fedora-all [bug 1753851]
This has been already fixed in poppler 0.66.0.
Classic integer overflow causing heap buffer overflow when using crafted pdf files. Exploitation may be difficult, but not impossible, due to the small overflow size.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1074 https://access.redhat.com/errata/RHSA-2020:1074
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-21009