There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
Published May 18, 2022.
Xpdfreader Xpdf
