CVE-2026-10118

Summary

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:24.02.0-7.el10_2.2 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:24.02.0-7.el10_0.1 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:0.22.5-7.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:0.26.5-44.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 80:20.11.0-14.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:20.11.0-2.el8_4.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:20.11.0-2.el8_4.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:20.11.0-5.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:20.11.0-5.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:20.11.0-7.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:20.11.0-7.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:21.01.0-24.el9_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:21.01.0-15.el9_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions0:21.01.0-20.el9_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:21.01.0-22.el9_6.1 < *unaffected
Red HatRed Hat AI Inference Server 3.31782352950 < *unaffected
Red HatRed Hat AI Inference Server 3.31782352919 < *unaffected
Red HatRed Hat AI Inference Server 3.31782353093 < *unaffected
Red HatRed Hat AI Inference Server 3.31782352847 < *unaffected
Red HatRed Hat Hardened Images26.06.0-0.1.hum1 < *unaffected

Weaknesses

  • CWE-190: Integer Overflow or Wraparound

Workarounds

To mitigate this issue, users should avoid opening untrusted or suspicious PDF documents with applications that utilize the Poppler library for rendering. Limiting exposure to untrusted content can reduce the risk of exploitation.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

Additional References

References