
Description

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

PUBLISHED Reserved 2026-05-29 | Published 2026-06-01 | Updated 2026-06-03 | Assigner redhat




HIGH: 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

Integer Overflow or Wraparound

Product status

Default status: affected


Timeline

2026-04-21: Reported to Red Hat.
2026-06-01: Made public.

Credits

This issue was discovered by AISLE in partnership with Red Hat.

References

access.redhat.com/security/cve/CVE-2026-10118 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2460428 (RHBZ#2460428) issue-tracking

gitlab.freedesktop.org/poppler/poppler/-/work_items/1715

cve.org (CVE-2026-10118)

nvd.nist.gov (CVE-2026-10118)
