CVE-2026-10118
Integer Overflow in Poppler Leading to Code Execution
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| poppler | poppler | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Poppler's Splash backend, specifically in the tilingPatternFill function. A remote attacker can exploit it by creating a malicious PDF file that triggers an integer overflow during rendering. This overflow causes the program to allocate less heap memory than needed, which then allows an out-of-bounds write to occur.
As a result, the attacker may be able to execute arbitrary code, disclose sensitive information, or cause a denial of service within the application processing the PDF.
How can this vulnerability impact me? :
Exploitation of this vulnerability can have serious impacts including arbitrary code execution, which means an attacker could run malicious code on your system.
It can also lead to information disclosure, potentially exposing sensitive data handled by the affected application.
Additionally, it can cause denial of service, disrupting the normal operation of the application processing the PDF files.