UBUNTU-CVE-2020-25725
In Xpdf 4.02, SplashOutputDev::endType3CharGfxState state SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack-cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to...