The issue is related to VU196617 [cert.org], which involves the open source Xpdf and poppler applications and their handling of JBIG2 data. This new vulnerability is in addition to previous issues with the PDF distiller service. Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns. FinSpy has returned in new campaigns targeting dissident organizations in Egypt and researchers uncovered new samples of the spyware targeting macOS and Linux users.
Source: https://threatpost.com/blackberry-plugs-code-execution-holes-042109/72581/