Fedora has issued an advisory on July 5:
Mageia 7 is also affected.
The updated packages fix a security vulnerability:
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. (CVE-2019-12360)
Updated packages in core/updates_testing:
Installed and tested without issues.
Tested on many PDF files, large and small. No issues found.
System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.
$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep xpdf
Validating. Advisory in Comment 1.
An update for this issue has been pushed to the Mageia Updates repository.