According to the Red Hat summary:
libpoppler in poppler version 0.60.1 is vulnerable to an invalid read and subsequent crash when parsing a specially crafted PDF. The invalid read is caused by incorrect boundary validation in TextOutputDev.cc:TextPool::addWord(), leading to overflow in subsequent calculations.
(I checked and it is present in the Gentoo stable version, which is 0.57.0-r1.)
Upstream patch at , needs massaging for Gentoo stable version.
Cleanup done, security, please proceed.
This issue was resolved and addressed in GLSA 201804-03 at https://security.gentoo.org/glsa/201804-03 by GLSA coordinator Aaron Bauman (b-man).