Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-10118

Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-190 Desbordamiento o ajuste de enteros
Fecha de publicación:
01/06/2026
Última modificación:
30/06/2026

Descripción

*** Pendiente de traducción *** A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

Referencias a soluciones, herramientas e información