Cyber Resilience

CVE-2026-10118

HighUpdated

Published: 01 June 2026

Published
01 June 2026
Modified
10 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0023 13.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-10118 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Freedesktop (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory…

more

allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-41602Shared CWE-190
CVE-2026-4775Shared CWE-190
CVE-2026-21347Shared CWE-190
CVE-2026-34644Shared CWE-190
CVE-2026-27889Shared CWE-190
CVE-2026-6473Shared CWE-190
CVE-2026-33040Shared CWE-190
CVE-2026-27951Shared CWE-190
CVE-2026-8956Shared CWE-190
CVE-2026-28952Shared CWE-190

Affected Assets

Freedesktop
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References