diff --git a/poppler-0.67.0-cycles-in-pdf-parsing.patch b/poppler-0.67.0-cycles-in-pdf-parsing.patch
new file mode 100644
index 0000000..aad8155
--- /dev/null
+++ b/poppler-0.67.0-cycles-in-pdf-parsing.patch
@@ -0,0 +1,65 @@
+From 3d35d209c19c1d3b09b794a0c863ba5de44a9c0a Mon Sep 17 00:00:00 2001
+From: Marek Kasik
+Date: Mon, 29 Oct 2018 17:44:47 +0100
+Subject: [PATCH] Avoid cycles in PDF parsing
+
+Mark objects being processed in Parser::makeStream() as being processed
+and check the mark when entering this method to avoid processing
+of the same object recursively.
+---
+ poppler/Parser.cc | 15 +++++++++++++++
+ poppler/XRef.h | 1 +
+ 2 files changed, 16 insertions(+)
+
+diff --git a/poppler/Parser.cc b/poppler/Parser.cc
+index bd4845ab..8f48efbe 100644
+--- a/poppler/Parser.cc
++++ b/poppler/Parser.cc
+@@ -197,6 +197,18 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,
+ Stream *str;
+ Goffset length;
+ Goffset pos, endPos;
++ XRefEntry *entry = nullptr;
++
++ if (xref && (entry = xref->getEntry(objNum, false))) {
++ if (!entry->getFlag(XRefEntry::Parsing) ||
++ (objNum == 0 && objGen == 0)) {
++ entry->setFlag(XRefEntry::Parsing, true);
++ } else {
++ error(errSyntaxError, getPos(),
++ "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen);
++ return nullptr;
++ }
++ }
+ 
+ // get stream start position
+ lexer->skipToNextLine();
+@@ -278,6 +290,9 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,
+ // get filters
+ str = str->addFilters(str->getDict(), recursion);
+ 
++ if (entry)
++ entry->setFlag(XRefEntry::Parsing, false);
++
+ return str;
+ }
+ 
+diff --git a/poppler/XRef.h b/poppler/XRef.h
+index 11ee5e03..2eb2f9fd 100644
+--- a/poppler/XRef.h
++++ b/poppler/XRef.h
+@@ -68,7 +68,10 @@ struct XRefEntry {
+ 
+ // Special flags -- available only after xref->scanSpecialFlags() is run
+ Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents)
+- DontRewrite // Entry must not be written back in case of full rewrite
++ DontRewrite, // Entry must not be written back in case of full rewrite
++
++ // Regular flag (moved here to preserve values of previous flags)
++ Parsing // Entry is currently being parsed
+ };
+ 
+ inline GBool getFlag(Flag flag) const {
+--
+2.19.1
+
diff --git a/poppler.spec b/poppler.spec
index 9930ef1..af87570 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -4,7 +4,7 @@ Summary: PDF rendering library Name: poppler Version: 0.67.0 -Release: 2%{?dist} +Release: 3%{?dist} License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -25,6 +25,9 @@ Patch7: poppler-0.67.0-qt4-const.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1569334 Patch8: poppler-0.67.0-embedded-file-check.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1626618 +Patch9: poppler-0.67.0-cycles-in-pdf-parsing.patch + BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: gettext-devel
@@ -255,6 +258,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Mon Nov 12 2018 Marek Kasik - 0.67.0-3 +- Avoid cycles in PDF parsing +- Resolves: #1626620 + * Wed Oct 17 2018 Marek Kasik - 0.67.0-2 - Fix crash on missing embedded file - Resolves: #1569334
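Review bot: In the patched `Parser::makeStream()` the `Parsing` mark is cleared only by the lines added just before `return str;`, so any earlier exit in the stretch of the function between the two Parser.cc hunks (not shown in this patch) would leave the xref entry marked. Every later, legitimate parse of that object would then be rejected with "is being already parsed", which turns one malformed stream into a persistent failure for the document. Clearing the mark from a small scope guard constructed right after the check covers all exit paths, and because it is created after the rejecting `return nullptr`, a refused nested call cannot reset the outer call's mark. The `entry` pointer is also held across the nested parsing; if the xref entry table can be rebuilt or grown in that window (not visible here), the guard should look the entry up again by `objNum` rather than keep the pointer. The function body starts and ends outside these hunks.

```cpp
  XRefEntry *entry = nullptr;
  // … unchanged: getEntry() lookup and the Parsing check with its early return …

  // Constructed after the check, so only the call that set the mark clears it.
  struct ParsingMark {
    XRefEntry *e;
    ~ParsingMark() {
      if (e)
        e->setFlag(XRefEntry::Parsing, false);
    }
  } mark{entry};

  // … unchanged: stream position, length and filter handling …
  return str;  // the explicit reset added before this line is no longer needed
```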