#1138708 poppler: CVE-2026-10118

Package:
src:poppler
Source:
src:poppler
Submitter:
Salvatore Bonaccorso
Date:
2026-06-11 20:49:08 UTC
Severity:
normal
#1138708#5
Date:
2026-06-02 16:22:42 UTC
Hi,

The following vulnerability was published for poppler.

CVE-2026-10118[0]:
| A flaw was found in Poppler's Splash backend. A remote attacker
| could exploit this vulnerability by crafting a malicious PDF file
| that, when rendered, triggers an integer overflow in the
| `tilingPatternFill` function. This overflow leads to an undersized
| heap memory allocation, allowing a subsequent out-of-bounds write.
| Successful exploitation could result in arbitrary code execution,
| information disclosure, or denial of service within the context of
| the application processing the PDF.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10118
https://www.cve.org/CVERecord?id=CVE-2026-10118
[1] https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
[2] https://gitlab.freedesktop.org/poppler/poppler/-/commit/8352264766652b98336e92359a70b3161a9ab97a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
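
The bug class named in the CVE description above (an integer overflow in a size computation that produces an undersized heap allocation), shown as an added example that is not part of this bug report and is not poppler's code. The structure, its field names, the arithmetic and the 256 MiB cap are assumptions; unsigned 32-bit math is used so the wrap-around is well-defined.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tiled-surface description; all field names are assumptions. */
struct tile_surface {
    uint32_t tile_w, tile_h;     /* one pattern cell, in pixels */
    uint32_t repeat_x, repeat_y; /* number of cells painted per axis */
    uint32_t bytes_per_pixel;
};

/* Unchecked 32-bit arithmetic: each product silently wraps modulo 2^32,
 * so the value handed to the allocator can be far smaller than needed. */
uint32_t naive_surface_bytes(const struct tile_surface *s)
{
    uint32_t w = s->tile_w * s->repeat_x;
    uint32_t h = s->tile_h * s->repeat_y;
    return w * h * s->bytes_per_pixel;
}

/* Multiply two sizes, reporting overflow instead of wrapping. */
static bool mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Checked form: every product is verified and the total is capped, so a
 * hostile geometry is rejected before any buffer is allocated. */
bool checked_surface_bytes(const struct tile_surface *s, size_t limit, size_t *out)
{
    size_t w, h, px, bytes;
    if (!mul_size(s->tile_w, s->repeat_x, &w) || !mul_size(s->tile_h, s->repeat_y, &h) ||
        !mul_size(w, h, &px) || !mul_size(px, s->bytes_per_pixel, &bytes) ||
        bytes == 0 || bytes > limit)
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    struct tile_surface bad = {65537, 65537, 1, 1, 1}; /* constructed input */
    size_t n = 0;
    printf("naive=%u checked_ok=%d\n", (unsigned)naive_surface_bytes(&bad),
           checked_surface_bytes(&bad, (size_t)256 << 20, &n));
    return 0;
}
```

With the constructed 65537 x 65537 surface the unchecked size wraps to 131073 bytes although about 4 GiB would be written, while the checked function refuses the request.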

#1138708#10
Date:
2026-06-02 19:14:21 UTC
Dear maintainer,

I've prepared an NMU for poppler (versioned as 26.01.0-4.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should cancel it.

Uploading with a delay of only 2 days is a bit borderline I believe, so I'm
really ok with you telling me to cancel or delay it further. We have
put poppler into the DSA "needed" list for the security team, but before
having fixes go out to stable it seems wise to make sure the fix is
exposed in unstable first.

Regards,
Salvatore

#1138708#19
Date:
2026-06-02 19:35:43 UTC
We began the poppler 26.01 transition in unstable on Sunday and it
hasn't migrated to Testing yet. You could optionally check with the
Release Team about whether this upload ought to wait. My guess is that
it's ok to upload now without delay. I at least don't have any
objections other than the ongoing transition.

See https://bugs.debian.org/1136960

Thank you,
Jeremy Bícha

#1138708#24
Date:
2026-06-02 20:16:11 UTC
Hi Jeremy,

Yes, right. I have asked Sebastian what he would prefer in a followup
to #1136960.

Regards,
Salvatore

#1138708#29
Date:
2026-06-02 21:08:52 UTC
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1138708@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 02 Jun 2026 19:08:52 +0200
Source: poppler
Architecture: source
Version: 26.01.0-4.1
Distribution: unstable
Urgency: medium
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1138708
Changes:
 poppler (26.01.0-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * SplashOutputDev: Fix integer overflow in tilingPatternFill (CVE-2026-10118)
     (Closes: #1138708)

#1138708#34
Date:
2026-06-11 20:47:32 UTC
Format: 1.8
Date: Sat, 06 Jun 2026 11:07:43 +0200
Source: poppler
Architecture: source
Version: 25.03.0-5+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1117046 1117853 1138708
Changes:
 poppler (25.03.0-5+deb13u3) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * SplashOutputDev: Fix integer overflow in tilingPatternFill (CVE-2026-10118)
     (Closes: #1138708)
   * Make sure regex doesn't stack overflow by limiting it (CVE-2025-43718)
     (Closes: #1117046)
   * Check for duplicate entries (CVE-2025-52885) (Closes: #1117853)

#1138708#39
Date:
2026-06-11 20:48:38 UTC
Format: 1.8
Date: Sat, 06 Jun 2026 15:00:14 +0200
Source: poppler
Architecture: source
Version: 22.12.0-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1117046 1117853 1138708
Changes:
 poppler (22.12.0-2+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Make sure regex doesn't stack overflow by limiting it (CVE-2025-43718)
     (Closes: #1117046)
   * Check for duplicate entries (CVE-2025-52885) (Closes: #1117853)
   * SplashOutputDev: Fix integer overflow in tilingPatternFill (CVE-2026-10118)
     (Closes: #1138708)