Red Hat Security Advisory: poppler security update
An integer overflow vulnerability in the Poppler PDF rendering library's SplashOutputDev::tilingPatternFill function leads to a heap buffer overflow due to unchecked dimension multiplication. This vulnerability is identified as CVE-2026-10118 and affects Poppler packages used in Red Hat Enterprise Linux 10 and related distributions. A security update addressing this issue has been released by Red Hat.
AI Analysis
Technical Summary
CVE-2026-10118 is an integer overflow vulnerability in the Poppler library's SplashOutputDev::tilingPatternFill function. The unchecked multiplication of dimensions causes a heap buffer overflow, which could potentially lead to memory corruption. This vulnerability affects Poppler packages distributed with Red Hat Enterprise Linux 10 and its variants. Red Hat has issued a security advisory (RHSA-2026:24985) providing updated packages to fix this issue.
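The bug class described above, as an added illustration in C (not Poppler's code and not taken from the advisory). The function names, the 32-bit size type and the sample dimensions are assumptions, chosen to show how an unchecked width × height × bytes-per-pixel product wraps to a small allocation size, next to a checked form that rejects the input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers, not Poppler code. Sizes are 32-bit on purpose. */

/* Unchecked: the product wraps modulo 2^32, so huge dimensions
 * can yield a small "size" that a later write loop overruns. */
static uint32_t tile_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked: test each multiplication against the limit before doing it. */
static bool tile_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp,
                               uint32_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return false;
    if (w > UINT32_MAX / h)
        return false;               /* w * h would wrap */
    if (w * h > UINT32_MAX / bpp)
        return false;               /* (w * h) * bpp would wrap */
    *out = w * h * bpp;
    return true;
}

/* Allocate only when the size is representable; NULL means "reject input". */
static uint8_t *alloc_tile(uint32_t w, uint32_t h, uint32_t bpp)
{
    uint32_t n;
    if (!tile_bytes_checked(w, h, bpp, &n))
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed dimensions: the true size is about 16 GiB. */
    uint32_t w = 0x10000, h = 0x10001, bpp = 4;
    printf("unchecked size: %u bytes\n",
           (unsigned)tile_bytes_unchecked(w, h, bpp));
    uint8_t *p = alloc_tile(w, h, bpp);
    printf("checked alloc: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```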
Potential Impact
The vulnerability allows a heap buffer overflow triggered by an integer overflow in dimension multiplication within the Poppler library. This could lead to memory corruption, potentially causing application crashes or other unintended behavior in applications that use Poppler for PDF rendering, such as Evince. The advisory rates the impact as Important (high severity). There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Poppler packages for Red Hat Enterprise Linux 10 and related distributions that fix this vulnerability. Users should apply the security update as described in Red Hat advisory RHSA-2026:24985 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2026:24985
- Cve Count: 1
- Additional Cves: []
- Cvss Version: null
Threat ID: 6a294d6f8dd33fbd853ab2ef
Added to database: 6/10/2026, 11:41:35 AM
Last enriched: 6/10/2026, 11:57:15 AM
Last updated: 6/10/2026, 1:00:17 PM