Yeah, I suspect that a rather lot of the options use the same libraries; https://en.wikipedia.org/wiki/Poppler_(software) claims that poppler is used by Evince, LibreOffice 4.x, and Okular (among others).
This has advantages and disadvantages; yes, if there is a security hole in it, it likely affects everything that uses it. But it also means it gets use-case tested more thoroughly, at a minimum. Ideally, all "stakeholders" would have a vested interest in doing reviews of their own, or perhaps pooling money to have the code scrutinized.
