1. It might not be a PDF file, but an executable file disguised as a PDF. File extension shenanigans are the easiest way to achieve this (eg. virus.pdf.exe), especially on Windows which uses the file extension to determine the file type, but hides extensions by default.
2. The PDF may be crafted in such a way as to exploit security vulnerabilities in specific PDF reader software and allow the arbitrary execution of embedded code. Really any file can do this, images, audio, text files etc, as long the the software opening it has a sufficient weakness and happens to be the one you use.
3. Adobe’s ~~bastardisation~~ enhancement of the PDF format adds the ability to embed scripting and other advanced functionality into documents, which can be exploited to perform malicious activity.