Amazon Linux 2023 Security Advisory: ALAS2023-2026-1851
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity:
Important
Issue Overview:
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF. (CVE-2026-10118)
Affected Packages:
compat-poppler22
Issue Correction:
Run dnf update compat-poppler22 --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1851 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
compat-poppler22-debuginfo-22.08.0-3.amzn2023.0.6.aarch64
compat-poppler22-cpp-debuginfo-22.08.0-3.amzn2023.0.6.aarch64
compat-poppler22-cpp-22.08.0-3.amzn2023.0.6.aarch64
compat-poppler22-22.08.0-3.amzn2023.0.6.aarch64
compat-poppler22-debugsource-22.08.0-3.amzn2023.0.6.aarch64
src:
compat-poppler22-22.08.0-3.amzn2023.0.6.src
x86_64:
compat-poppler22-debuginfo-22.08.0-3.amzn2023.0.6.x86_64
compat-poppler22-cpp-22.08.0-3.amzn2023.0.6.x86_64
compat-poppler22-cpp-debuginfo-22.08.0-3.amzn2023.0.6.x86_64
compat-poppler22-22.08.0-3.amzn2023.0.6.x86_64
compat-poppler22-debugsource-22.08.0-3.amzn2023.0.6.x86_64