CVE-2026-10118
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-190
Desbordamiento o ajuste de enteros
Fecha de publicación:
01/06/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
Impacto
Puntuación base 3.x
7.80
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://access.redhat.com/errata/RHSA-2026:24984
- https://access.redhat.com/errata/RHSA-2026:24985
- https://access.redhat.com/errata/RHSA-2026:25058
- https://access.redhat.com/errata/RHSA-2026:27720
- https://access.redhat.com/errata/RHSA-2026:27721
- https://access.redhat.com/errata/RHSA-2026:27722
- https://access.redhat.com/errata/RHSA-2026:27723
- https://access.redhat.com/errata/RHSA-2026:27724
- https://access.redhat.com/errata/RHSA-2026:27725
- https://access.redhat.com/errata/RHSA-2026:27727
- https://access.redhat.com/errata/RHSA-2026:29952
- https://access.redhat.com/errata/RHSA-2026:30044
- https://access.redhat.com/errata/RHSA-2026:30078
- https://access.redhat.com/errata/RHSA-2026:30087
- https://access.redhat.com/errata/RHSA-2026:30088
- https://access.redhat.com/errata/RHSA-2026:30089
- https://access.redhat.com/errata/RHSA-2026:30134
- https://access.redhat.com/security/cve/CVE-2026-10118
- https://bugzilla.redhat.com/show_bug.cgi?id=2460428
- https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
- https://access.redhat.com/errata/RHSA-2026:24984
- https://access.redhat.com/errata/RHSA-2026:24985
- https://access.redhat.com/errata/RHSA-2026:25058
- https://access.redhat.com/errata/RHSA-2026:27720
- https://access.redhat.com/errata/RHSA-2026:27721
- https://access.redhat.com/errata/RHSA-2026:27722
- https://access.redhat.com/errata/RHSA-2026:27723
- https://access.redhat.com/errata/RHSA-2026:27724
- https://access.redhat.com/errata/RHSA-2026:27725
- https://access.redhat.com/errata/RHSA-2026:27727
- https://access.redhat.com/errata/RHSA-2026:29952
- https://access.redhat.com/errata/RHSA-2026:30044
- https://access.redhat.com/errata/RHSA-2026:30078
- https://access.redhat.com/errata/RHSA-2026:30087
- https://access.redhat.com/errata/RHSA-2026:30088
- https://access.redhat.com/errata/RHSA-2026:30089
- https://access.redhat.com/errata/RHSA-2026:30134
- https://access.redhat.com/security/cve/CVE-2026-10118
- https://bugzilla.redhat.com/show_bug.cgi?id=2460428
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10118.json



