Integer Overflow or Wraparound Affecting poppler-qt package, versions *


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

Social Trends
EPSS
0.25% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-POPPLERQT-17132943
  • published2 Jun 2026
  • disclosed1 Jun 2026

Introduced: 1 Jun 2026

CVE-2026-10118  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

There is no fixed version for Centos:7 poppler-qt.

NVD Description

Note: Versions mentioned in the description apply only to the upstream poppler-qt package and not the poppler-qt package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

CVSS Base Scores

version 3.1