CVE 2018-20662

In Poppler 0.72.0, PDFDoc::setup in allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

See the CVE page on for more details.