CVE-2026-10118
7.8 HIGH
A flaw was found in Poppler's Splash backend
Published: 2026-06-01 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 7.8 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE: CWE-190
Description
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10118
- [Other] https://access.redhat.com/errata/RHSA-2026:24984
- [Other] https://access.redhat.com/errata/RHSA-2026:24985
- [Other] https://access.redhat.com/errata/RHSA-2026:25058
- [Other] https://access.redhat.com/security/cve/CVE-2026-10118
- [Other] https://bugzilla.redhat.com/show_bug.cgi?id=2460428
- [Other] https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
Related CVEs
Same CWE
- CVE-2025-14098 — Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executab... (7.8 HIGH)
- CVE-2026-47223 — NanaZip is the 7-Zip derivative intended for the modern Windows experience (5.4 MEDIUM)
- CVE-2026-11774 — An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base) (7.6 HIGH)
- CVE-2025-66280 — An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-34711 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability (7.5 HIGH)