CVE-2022-24106/xpdf for poppler

When triaging incoming security issues in the CVE feed for Debian I noticed that http://www.xpdfreader.com/security-fixes.html mentions that the xpdf 4.04 release fixed the rather unspecific "CVE-2022-24106: fixed in 4.04 [Stream.cc]".

In https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-24106 Thomas Leroy of SuSE tracked down the respective commit as https://bugzilla.suse.com/attachment.cgi?id=861627&action=edit which seems to also affect current poppler master, so I filing a bug to bring this to your attention.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

CVE-2022-24106/xpdf for poppler