CVE-2026-10118: Integer Overflow or Wraparound in Red Hat Red Hat Enterprise Linux 10
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
AI Analysis
Technical Summary
This vulnerability is an integer overflow or wraparound in the Poppler Splash backend's tilingPatternFill function. When a malicious PDF is rendered, the overflow causes a heap memory allocation smaller than needed, enabling an out-of-bounds write. This memory corruption can lead to arbitrary code execution, information disclosure, or denial of service. The CVSS 3.1 score is 7.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity but requiring local access and user interaction. The vendor advisory from Red Hat does not currently specify a patch or remediation status.
Potential Impact
Successful exploitation can result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the malicious PDF. The vulnerability affects confidentiality, integrity, and availability. Exploitation requires local access and user interaction, limiting remote exploitation. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10118 for current remediation guidance. Until an official fix is released, avoid opening untrusted PDF files with affected Poppler versions. Monitor the vendor advisory for updates on patches or workarounds.
CVE-2026-10118: Integer Overflow or Wraparound in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
CVSS v3.1
Score 7.8high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability is an integer overflow or wraparound in the Poppler Splash backend's tilingPatternFill function. When a malicious PDF is rendered, the overflow causes a heap memory allocation smaller than needed, enabling an out-of-bounds write. This memory corruption can lead to arbitrary code execution, information disclosure, or denial of service. The CVSS 3.1 score is 7.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity but requiring local access and user interaction. The vendor advisory from Red Hat does not currently specify a patch or remediation status.
Potential Impact
Successful exploitation can result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the malicious PDF. The vulnerability affects confidentiality, integrity, and availability. Exploitation requires local access and user interaction, limiting remote exploitation. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10118 for current remediation guidance. Until an official fix is released, avoid opening untrusted PDF files with affected Poppler versions. Monitor the vendor advisory for updates on patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-05-29T17:18:50.666Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-10118","vendor":"Red Hat"}]
Threat ID: 6a1dbb9de29bf47b501c5659
Added to database: 6/1/2026, 5:04:29 PM
Last enriched: 6/1/2026, 5:33:32 PM
Last updated: 6/2/2026, 6:41:27 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.