Upstream information
Description
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | CNA (Red Hat) |
|---|---|
| Base Score | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- RHSA-2026:24984, published Wed Jun 10 15:06:11 UTC 2026
- RHSA-2026:25058, published Thu Jun 11 15:06:17 UTC 2026
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Liberty Linux 8 | | Patchnames: RHSA-2026:24984 |
| SUSE Liberty Linux 9 | | Patchnames: RHSA-2026:25058 |
SUSE Timeline for this CVE
CVE page created: Mon Jun 1 20:07:24 2026
CVE page last modified: Thu Jun 11 19:24:36 2026