Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
https://usn.ubuntu.com/4042-1/
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html
https://gitlab.freedesktop.org/poppler/poppler/issues/736