CVE-2026-10118

EUVD-2026-33694
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
Red HatRed Hat Enterprise Linux 10
0:24.02.0-7.el10_2.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support
0:24.02.0-7.el10_0.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support
0:0.22.5-7.el7_9 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support
0:0.26.5-44.el7_9 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8
0:20.11.0-14.el8_10 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:20.11.0-2.el8_4.3 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
0:20.11.0-2.el8_4.3 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:20.11.0-5.el8_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
0:20.11.0-5.el8_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service
0:20.11.0-7.el8_8.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions
0:20.11.0-7.el8_8.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
0:21.01.0-24.el9_8.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions
0:21.01.0-15.el9_2.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions
0:21.01.0-20.el9_4.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support
0:21.01.0-22.el9_6.1 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1782352950 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1782352919 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1782353093 ≤
𝑥
< *
ADP
Red HatRed Hat AI Inference Server 3.3
1782352847 ≤
𝑥
< *
ADP
Red HatRed Hat Hardened Images
26.06.0-0.1.hum1 ≤
𝑥
< *
ADP
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
poppler
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 8.4 AUS
0:20.11.0-2.el8_4.3
fixed
RHEL 8.6 AUS
0:20.11.0-5.el8_6.1
fixed
RHEL 8.8 E4S
0:20.11.0-7.el8_8.1
fixed
RHEL 8.8 TUS
0:20.11.0-7.el8_8.1
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-cpp
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-cpp-devel
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-devel
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-glib
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 8.4 AUS
0:20.11.0-2.el8_4.3
fixed
RHEL 8.6 AUS
0:20.11.0-5.el8_6.1
fixed
RHEL 8.8 E4S
0:20.11.0-7.el8_8.1
fixed
RHEL 8.8 TUS
0:20.11.0-7.el8_8.1
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-glib-devel
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-glib-doc
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-qt5
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 8.8 E4S
0:20.11.0-7.el8_8.1
fixed
RHEL 8.8 TUS
0:20.11.0-7.el8_8.1
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-qt5-devel
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
poppler-utils
RHEL 8
0:20.11.0-14.el8_10
fixed
RHEL 8.4 AUS
0:20.11.0-2.el8_4.3
fixed
RHEL 8.6 AUS
0:20.11.0-5.el8_6.1
fixed
RHEL 8.8 E4S
0:20.11.0-7.el8_8.1
fixed
RHEL 8.8 TUS
0:20.11.0-7.el8_8.1
fixed
RHEL 9
0:21.01.0-24.el9_8.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
compat-poppler22
Amazon Linux 2023
0:22.08.0-3.amzn2023.0.6
fixed
compat-poppler22-cpp
Amazon Linux 2023
0:22.08.0-3.amzn2023.0.6
fixed
compat-poppler22-cpp-debuginfo
Amazon Linux 2023
0:22.08.0-3.amzn2023.0.6
fixed
compat-poppler22-debuginfo
Amazon Linux 2023
0:22.08.0-3.amzn2023.0.6
fixed
compat-poppler22-debugsource
Amazon Linux 2023
0:22.08.0-3.amzn2023.0.6
fixed
poppler
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-cpp
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-cpp-debuginfo
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-cpp-devel
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-debuginfo
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-debugsource
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-demos
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
poppler-devel
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-glib
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-glib-debuginfo
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-glib-devel
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-glib-doc
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-qt
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
poppler-qt-devel
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
poppler-utils
Amazon Linux 2
0:0.26.5-43.amzn2.1.7
fixed
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
poppler-utils-debuginfo
Amazon Linux 2023
0:24.08.0-1.amzn2023.0.1
fixed
References