|The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1
patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and
other products, allows remote attackers to have an unknown impact,
possibly including denial of service (infinite loop), arbitrary code
execution, or memory corruption, via a PDF file with a (1) crafted
catalog dictionary or (2) a crafted Pages attribute that references an
invalid page tree node.