CVE-2026-10118
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
01/06/2026
Last modified:
30/06/2026
Description
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2026:24984
- https://access.redhat.com/errata/RHSA-2026:24985
- https://access.redhat.com/errata/RHSA-2026:25058
- https://access.redhat.com/errata/RHSA-2026:27720
- https://access.redhat.com/errata/RHSA-2026:27721
- https://access.redhat.com/errata/RHSA-2026:27722
- https://access.redhat.com/errata/RHSA-2026:27723
- https://access.redhat.com/errata/RHSA-2026:27724
- https://access.redhat.com/errata/RHSA-2026:27725
- https://access.redhat.com/errata/RHSA-2026:27727
- https://access.redhat.com/errata/RHSA-2026:29952
- https://access.redhat.com/errata/RHSA-2026:30044
- https://access.redhat.com/errata/RHSA-2026:30078
- https://access.redhat.com/errata/RHSA-2026:30087
- https://access.redhat.com/errata/RHSA-2026:30088
- https://access.redhat.com/errata/RHSA-2026:30089
- https://access.redhat.com/errata/RHSA-2026:30134
- https://access.redhat.com/security/cve/CVE-2026-10118
- https://bugzilla.redhat.com/show_bug.cgi?id=2460428
- https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
- https://access.redhat.com/errata/RHSA-2026:24984
- https://access.redhat.com/errata/RHSA-2026:24985
- https://access.redhat.com/errata/RHSA-2026:25058
- https://access.redhat.com/errata/RHSA-2026:27720
- https://access.redhat.com/errata/RHSA-2026:27721
- https://access.redhat.com/errata/RHSA-2026:27722
- https://access.redhat.com/errata/RHSA-2026:27723
- https://access.redhat.com/errata/RHSA-2026:27724
- https://access.redhat.com/errata/RHSA-2026:27725
- https://access.redhat.com/errata/RHSA-2026:27727
- https://access.redhat.com/errata/RHSA-2026:29952
- https://access.redhat.com/errata/RHSA-2026:30044
- https://access.redhat.com/errata/RHSA-2026:30078
- https://access.redhat.com/errata/RHSA-2026:30087
- https://access.redhat.com/errata/RHSA-2026:30088
- https://access.redhat.com/errata/RHSA-2026:30089
- https://access.redhat.com/errata/RHSA-2026:30134
- https://access.redhat.com/security/cve/CVE-2026-10118
- https://bugzilla.redhat.com/show_bug.cgi?id=2460428
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10118.json



