The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
Related bugs and status
CVE-2009-0755 (Candidate)
is related to these bugs: