PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted PDF file to the pdfunite binary.

Reference:
https://gitlab.freedesktop.org/poppler/poppler/issues/741

Upstream commit:
https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd

Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 1691725]

Red Hat Enterprise Linux 7 poppler (0.26.5) does not appear to be impacted by this stack overflow and completes without segfaulting. Versions before 0.26.5 do not appear to be impacted either -- the code is quite different.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9903