CVE-2026-10118 in Popplerinformação

Sumário

de MITRE • 01/06/2026

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Redhat

Reservar

29/05/2026

Divulgação

01/06/2026

Moderação

aceite

Entrada

VDB-367680

CPE

pronto

CWE

CWE-190 (confirmado)

CVSS

7.8 (CNA)

EPSS

0.00065

KEV

não

Atividades

muito baixo

Sector

Telecommunication, Hostingprovider, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-10118
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-10118
CVE Details	https://www.cvedetails.com/cve/CVE-2026-10118/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!