7.8

CVE-2026-10118

Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Enterprise Linux Server (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux Server Optional (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream AUS (v.8.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream AUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream E4S (v.8.8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream TUS (v.8.8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream E4S (v.9.2)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream E4S (v.9.4)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 9)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux CRB (v. 8)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat CodeReady Linux Builder EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat AI Inference Server 3.3
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.163
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://access.redhat.com/security/cve/CVE-2026-10118
https://bugzilla.redhat.com/show_bug.cgi?id=2460428
https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
https://access.redhat.com/errata/RHSA-2026:24984
https://access.redhat.com/errata/RHSA-2026:24985
https://access.redhat.com/errata/RHSA-2026:25058
https://access.redhat.com/errata/RHSA-2026:27720
https://access.redhat.com/errata/RHSA-2026:27721
https://access.redhat.com/errata/RHSA-2026:27722
https://access.redhat.com/errata/RHSA-2026:27723
https://access.redhat.com/errata/RHSA-2026:27724
https://access.redhat.com/errata/RHSA-2026:27725
https://access.redhat.com/errata/RHSA-2026:27727
https://access.redhat.com/errata/RHSA-2026:29952
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30044
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:30134
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10118.json