Hi,
we encountered the same problem but with downloads of older publications
which probably also are scans.
Having a closer look at the changes in
poppler/0.26.5-2+deb8u2
it seems the patch upstream_CVE-2017-9776.patch is incomplete.
Probably just a line with "continue;" is missing.
In our case the small attached patched fixed the problem.
Regards,
Andreas
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -892,6 +892,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
for (yy = y0; yy < y1; ++yy) {
if (unlikely((y + yy >= h) || (y + yy < 0)))
+ continue;
// one byte per line -- need to mask both left and right side
if (oneByte) {