In Poppler 0.73.0, a heap-based buffer over-read allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.