Junchao Luan

**Name of the Vulnerable Software and Affected Versions** Poppler versions 0.64.0 and earlier **Description** The issue is related to the FoFiType1C::cvtGlyph function in the Poppler library, which can cause a denial of service due to infinite recursion when processing a crafted PDF file. This can be exploited by remote attackers, as demonstrated by the pdftops tool. The vulnerability is associated with the infinite loop in the function. **Recommendations** For Poppler version 0.64.0 and earlier, consider updating to a newer version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.59.0 **Description** The issue is related to a NULL pointer dereference vulnerability in the FoFiType1C::convertToType0 function, located in FoFiType1C.cc. This vulnerability occurs because a data structure is not properly initialized, allowing an attacker to launch a denial of service attack. **Recommendations** For Poppler version 0.59.0, consider applying a patch or fix that properly initializes the data structure used by the FoFiType1C::convertToType0 function to prevent the NULL pointer dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.