Both the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an application using this code is multi-threaded (or uses a crash signal handler), it may be possible to execute arbitrary code. Poppler versions below 0.12.1 are affected. Xpdf versions below 3.02p14 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82143/oCERT-2009-016.txt
Source: https://packetstormsecurity.com/files/82143/Open-Source-CERT-Security-Advisory-2009.16.html