Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-24985 http://linux.oracle.com/errata/ELSA-2026-24985.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: poppler-24.02.0-7.el10_2.2.x86_64.rpm poppler-cpp-24.02.0-7.el10_2.2.x86_64.rpm poppler-cpp-devel-24.02.0-7.el10_2.2.x86_64.rpm poppler-devel-24.02.0-7.el10_2.2.x86_64.rpm poppler-glib-24.02.0-7.el10_2.2.x86_64.rpm poppler-glib-devel-24.02.0-7.el10_2.2.x86_64.rpm poppler-glib-doc-24.02.0-7.el10_2.2.noarch.rpm poppler-qt6-24.02.0-7.el10_2.2.x86_64.rpm poppler-qt6-devel-24.02.0-7.el10_2.2.x86_64.rpm poppler-utils-24.02.0-7.el10_2.2.x86_64.rpm aarch64: poppler-24.02.0-7.el10_2.2.aarch64.rpm poppler-cpp-24.02.0-7.el10_2.2.aarch64.rpm poppler-cpp-devel-24.02.0-7.el10_2.2.aarch64.rpm poppler-devel-24.02.0-7.el10_2.2.aarch64.rpm poppler-glib-24.02.0-7.el10_2.2.aarch64.rpm poppler-glib-devel-24.02.0-7.el10_2.2.aarch64.rpm poppler-glib-doc-24.02.0-7.el10_2.2.noarch.rpm poppler-qt6-24.02.0-7.el10_2.2.aarch64.rpm poppler-qt6-devel-24.02.0-7.el10_2.2.aarch64.rpm poppler-utils-24.02.0-7.el10_2.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/poppler-24.02.0-7.el10_2.2.src.rpm Related CVEs: CVE-2026-10118 Description of changes: [24.02.0-7.el10_2.2] - Fix integer overflow in tilingPatternFill (CVE-2026-10118) - Bump NVR for MR - Resolves: RHEL-180565 [24.02.0-7.el10_2.1] - Fix integer overflow in tilingPatternFill (CVE-2026-10118) - Resolves: RHEL-180565 _______________________________________________ El-errata mailing list
Security update. Publication date: 16 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0256.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-10118 Description: The updated packages fix a security vulnerability: Integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication. (CVE-2026-10118) References: - https://bugs.mageia.org/show_bug.cgi?id=35658 - https://ubuntu.com/security/notices/USN-8400-1 - https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715 - https://lists.debian.org/debian-security-announce/2026/msg00244.html - https://www.cve.org/CVERecord?id=CVE-2026-10118 SRPMS: - 10/core/poppler-25.12.0-1.1.mga10 - 9/core/poppler-23.02.0-1.9.mga9 . Updated Mageia poppler packages address critical integer overflow leading to heap overflow issues. Immediate action recommended.. Mageia security patch, poppler update, heap overflow fix, integer overflow vulnerability. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25058 http://linux.oracle.com/errata/ELSA-2026-25058.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: poppler-21.01.0-24.el9_8.1.i686.rpm poppler-21.01.0-24.el9_8.1.x86_64.rpm poppler-cpp-21.01.0-24.el9_8.1.i686.rpm poppler-cpp-21.01.0-24.el9_8.1.x86_64.rpm poppler-cpp-devel-21.01.0-24.el9_8.1.i686.rpm poppler-cpp-devel-21.01.0-24.el9_8.1.x86_64.rpm poppler-devel-21.01.0-24.el9_8.1.i686.rpm poppler-devel-21.01.0-24.el9_8.1.x86_64.rpm poppler-glib-21.01.0-24.el9_8.1.i686.rpm poppler-glib-21.01.0-24.el9_8.1.x86_64.rpm poppler-glib-devel-21.01.0-24.el9_8.1.i686.rpm poppler-glib-devel-21.01.0-24.el9_8.1.x86_64.rpm poppler-glib-doc-21.01.0-24.el9_8.1.noarch.rpm poppler-qt5-21.01.0-24.el9_8.1.i686.rpm poppler-qt5-21.01.0-24.el9_8.1.x86_64.rpm poppler-qt5-devel-21.01.0-24.el9_8.1.i686.rpm poppler-qt5-devel-21.01.0-24.el9_8.1.x86_64.rpm poppler-utils-21.01.0-24.el9_8.1.x86_64.rpm aarch64: poppler-21.01.0-24.el9_8.1.aarch64.rpm poppler-cpp-21.01.0-24.el9_8.1.aarch64.rpm poppler-cpp-devel-21.01.0-24.el9_8.1.aarch64.rpm poppler-devel-21.01.0-24.el9_8.1.aarch64.rpm poppler-glib-21.01.0-24.el9_8.1.aarch64.rpm poppler-glib-devel-21.01.0-24.el9_8.1.aarch64.rpm poppler-glib-doc-21.01.0-24.el9_8.1.noarch.rpm poppler-qt5-21.01.0-24.el9_8.1.aarch64.rpm poppler-qt5-devel-21.01.0-24.el9_8.1.aarch64.rpm poppler-utils-21.01.0-24.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/poppler-21.01.0-24.el9_8.1.src.rpm Related CVEs: CVE-2026-10118 Description of changes: [21.01.0-24.el9_8.1] - Fix integer overflow in tilingPatternFill (CVE-2026-10118) - Resolves: RHEL-180580 _______________________________________________ El-errata mailing list
Several vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service, information disclosure, or potentially the execution of arbitrary code if a specially crafted file is processed. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6334-1
poppler could be made to crash or run programs if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-8400-1 June 08, 2026 poppler vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: poppler could be made to crash or run programs if it opened a specially crafted file. Software Description: - poppler: PDF rendering library Details: It was discovered that poppler incorrectly handled certain malformed PDF tiling patterns in the Splash backend. An attacker could possibly use this issue to execute arbitrary code, obtain sensitive information, or cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libpoppler156 26.01.0-2ubuntu0.1 poppler-utils 26.01.0-2ubuntu0.1 Ubuntu 25.10 libpoppler147 25.03.0-10ubuntu0.2 poppler-utils 25.03.0-10ubuntu0.2 Ubuntu 24.04 LTS libpoppler134 24.02.0-1ubuntu9.9 poppler-utils 24.02.0-1ubuntu9.9 Ubuntu 22.04 LTS libpoppler118 22.02.0-2ubuntu0.13 poppler-utils 22.02.0-2ubuntu0.13 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8400-1 CVE-2026-10118 Package Information: https://launchpad.net/ubuntu/+source/poppler/26.01.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/poppler/25.03.0-10ubuntu0.2 https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.9 https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.13 . poppler in Ubuntu could allow crashes or code execution via crafted PDFs. Update instructions included.. Ubuntu Poppler Security, PDFVulnerability, System Update Instructions. . Severity: Critical. LinuxSecurity.com Team
poppler could be made to crash or run programs if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-8400-1 June 08, 2026 poppler vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: poppler could be made to crash or run programs if it opened a specially crafted file. Software Description: - poppler: PDF rendering library Details: It was discovered that poppler incorrectly handled certain malformed PDF tiling patterns in the Splash backend. An attacker could possibly use this issue to execute arbitrary code, obtain sensitive information, or cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libpoppler156 26.01.0-2ubuntu0.1 poppler-utils 26.01.0-2ubuntu0.1 Ubuntu 25.10 libpoppler147 25.03.0-10ubuntu0.2 poppler-utils 25.03.0-10ubuntu0.2 Ubuntu 24.04 LTS libpoppler134 24.02.0-1ubuntu9.9 poppler-utils 24.02.0-1ubuntu9.9 Ubuntu 22.04 LTS libpoppler118 22.02.0-2ubuntu0.13 poppler-utils 22.02.0-2ubuntu0.13 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8400-1 CVE-2026-10118 Package Information: https://launchpad.net/ubuntu/+source/poppler/26.01.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/poppler/25.03.0-10ubuntu0.2 https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.9 https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.13 . A critical issue in poppler could cause crashes or execute arbitrary code via specially crafted files.. Ubuntu Security, PopplerUpdate, Denial of Service, Critical Vulnerability. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for poppler Announcement ID: SUSE-SU-2026:20911-1 Release Date: 2026-03-19T08:11:15Z Rating: moderate References: * bsc#1252337 Cross-References: * CVE-2025-11896 CVSS scores: * CVE-2025-11896 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-11896 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-411=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libpoppler148-debuginfo-25.04.0-160000.4.1 * poppler-debugsource-25.04.0-160000.4.1 * libpoppler-glib8-debuginfo-25.04.0-160000.4.1 * typelib-1_0-Poppler-0_18-25.04.0-160000.4.1 * libpoppler-cpp2-25.04.0-160000.4.1 * libpoppler-qt6-devel-25.04.0-160000.4.1 * libpoppler-glib8-25.04.0-160000.4.1 * libpoppler-qt6-3-debuginfo-25.04.0-160000.4.1 * libpoppler-devel-25.04.0-160000.4.1 * libpoppler-qt6-3-25.04.0-160000.4.1 * libpoppler-cpp2-debuginfo-25.04.0-160000.4.1 * libpoppler148-25.04.0-160000.4.1 * poppler-tools-25.04.0-160000.4.1 * poppler-qt6-debugsource-25.04.0-160000.4.1 *poppler-tools-debuginfo-25.04.0-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11896.html * https://bugzilla.suse.com/show_bug.cgi?id=1252337 . Update available for SUSE addressing a moderate issue with poppler's infinite recursion leading to stack overflow vulnerability.. SUSE Update, Poppler Security, Moderate Risk, Infinite Recursion Fix. . LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for poppler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20397-1 Rating: moderate References: * bsc#1252337 Cross-References: * CVE-2025-11896 CVSS scores: * CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-11896 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for poppler fixes the following issues: - CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-411=1 Package List: - openSUSE Leap 16.0: libpoppler-cpp2-25.04.0-160000.4.1 libpoppler-devel-25.04.0-160000.4.1 libpoppler-glib-devel-25.04.0-160000.4.1 libpoppler-glib8-25.04.0-160000.4.1 libpoppler-qt5-1-25.04.0-160000.4.1 libpoppler-qt5-devel-25.04.0-160000.4.1 libpoppler-qt6-3-25.04.0-160000.4.1 libpoppler-qt6-devel-25.04.0-160000.4.1 libpoppler148-25.04.0-160000.4.1 poppler-tools-25.04.0-160000.4.1 typelib-1_0-Poppler-0_18-25.04.0-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2025-11896.html . Update for openSUSE addresses moderate issue in poppler, fixing stack overflow vulnerability with installation instructions.. openSUSE security update, poppler update, stack overflow fix, CVE-2025-11896. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.