Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened. The old stable distribution (sarge) doesn't contain poppler.