High severity7.8NVD Advisory· Published Jun 1, 2026· Updated Jun 10, 2026
CVE-2026-10118
CVE-2026-10118
Description
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords12 versionspkg:rpm/almalinux/popplerpkg:rpm/almalinux/poppler-cpppkg:rpm/almalinux/poppler-cpp-develpkg:rpm/almalinux/poppler-develpkg:rpm/almalinux/poppler-glibpkg:rpm/almalinux/poppler-glib-develpkg:rpm/almalinux/poppler-glib-docpkg:rpm/almalinux/poppler-qt5pkg:rpm/almalinux/poppler-qt5-develpkg:rpm/almalinux/poppler-qt6pkg:rpm/almalinux/poppler-qt6-develpkg:rpm/almalinux/poppler-utils
< 20.11.0-14.el8_10+ 11 more
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 20.11.0-14.el8_10
- (no CPE)range: < 24.02.0-7.el10_2.2
- (no CPE)range: < 24.02.0-7.el10_2.2
- (no CPE)range: < 20.11.0-14.el8_10
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.