ALAS2023-2026-1852

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1852
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity: Important
Issue Overview:

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF. (CVE-2026-10118)


Affected Packages:

poppler


Issue Correction:
Run dnf update poppler --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1852 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    poppler-cpp-debuginfo-24.08.0-1.amzn2023.0.1.aarch64
    poppler-debuginfo-24.08.0-1.amzn2023.0.1.aarch64
    poppler-glib-devel-24.08.0-1.amzn2023.0.1.aarch64
    poppler-glib-24.08.0-1.amzn2023.0.1.aarch64
    poppler-utils-24.08.0-1.amzn2023.0.1.aarch64
    poppler-utils-debuginfo-24.08.0-1.amzn2023.0.1.aarch64
    poppler-debugsource-24.08.0-1.amzn2023.0.1.aarch64
    poppler-cpp-24.08.0-1.amzn2023.0.1.aarch64
    poppler-cpp-devel-24.08.0-1.amzn2023.0.1.aarch64
    poppler-devel-24.08.0-1.amzn2023.0.1.aarch64
    poppler-glib-debuginfo-24.08.0-1.amzn2023.0.1.aarch64
    poppler-24.08.0-1.amzn2023.0.1.aarch64

noarch:
    poppler-glib-doc-24.08.0-1.amzn2023.0.1.noarch

src:
    poppler-24.08.0-1.amzn2023.0.1.src

x86_64:
    poppler-debuginfo-24.08.0-1.amzn2023.0.1.x86_64
    poppler-cpp-devel-24.08.0-1.amzn2023.0.1.x86_64
    poppler-glib-devel-24.08.0-1.amzn2023.0.1.x86_64
    poppler-glib-debuginfo-24.08.0-1.amzn2023.0.1.x86_64
    poppler-cpp-debuginfo-24.08.0-1.amzn2023.0.1.x86_64
    poppler-devel-24.08.0-1.amzn2023.0.1.x86_64
    poppler-cpp-24.08.0-1.amzn2023.0.1.x86_64
    poppler-utils-debuginfo-24.08.0-1.amzn2023.0.1.x86_64
    poppler-utils-24.08.0-1.amzn2023.0.1.x86_64
    poppler-glib-24.08.0-1.amzn2023.0.1.x86_64
    poppler-24.08.0-1.amzn2023.0.1.x86_64
    poppler-debugsource-24.08.0-1.amzn2023.0.1.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-10118

Mitre: CVE-2026-10118