Some vulnerabilities have been reported in Poppler, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

1) An error in "Gfx::getPos()" can be exploited to dereference an uninitialised pointer.

2) An array indexing error exists when parsing Type1 fonts in "FoFiType1::parse()", which can be exploited to corrupt memory via a specially crafted PDF file.

3) Other vulnerabilities are caused due to e.g. memory leak errors, which can be exploited to cause a crash by e.g. tricking a user opening a specially crafted PDF file in an application using the library.

4) An error within the "Gfx" class when handling untrusted command streams can be exploited to cause a memory corruption by tricking a user into opening a specially crafted PDF file in an application using the library.

Solution
Update to version 0.16.0.

Provided and/or discovered by
1-3) Joel Voss, Leviathan Security Group
4) David Benjamin. Security impact reported by Dan Rosenberg.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Poppler:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=473de6f88a055bb03470b4af5fa584be8cb5fda4
http://cgit.freedesktop.org/poppler/poppler/commit/?id=2fe825deac055be82b220d0127169cb3d61387a8
http://cgit.freedesktop.org/poppler/poppler/commit/?id=d2578bd66129466b2dd114b6407c147598e09d2b
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
http://cgit.freedesktop.org/poppler/poppler/commit/?id=a2dab0238a69240dad08eca2083110b52ce488b7
http://cgit.freedesktop.org/poppler/poppler/commit/?id=3422638b2a39cbdd33a114a7d7debc0a5f688501
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
http://cgit.freedesktop.org/poppler/poppler/commit/?id=dfdf3602bde47d1be7788a44722c258bfa0c6d6e
http://cgit.freedesktop.org/poppler/poppler/commit/?id=26a5817ffec9f05ac63db6c5cd5b1f0871d271c7
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9706e28657ff7ea52aa69d9efb3f91d0cfaee70b

Red Hat:
https://rhn.redhat.com/errata/RHSA-2010-0749.html

Dan Rosenberg:
http://www.openwall.com/lists/oss-security/2011/01/20/6

Deep Links
Links available to Secunia VIM customers