Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
* More info: https://www.openwall.com/lists/oss-security/2018/11/10/1 -- Gentoo Security Scout Vladimir Krstulja
* Better URL, upstream issue https://gitlab.freedesktop.org/poppler/poppler/issues/664 -- Gentoo Security Scout Vladimir Krstulja
This has been fixed in 0.70.0
Cleanup done.
This issue was resolved and addressed in GLSA 201904-04 at https://security.gentoo.org/glsa/201904-04 by GLSA coordinator Aaron Bauman (b-man).