Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-9631 User=admin}