7.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 13 packages
- poppler_data
- libsForQt5.poppler
- kdePackages.poppler
- qt6Packages.poppler
- plasma5Packages.poppler
- haskellPackages.gi-poppler
- python312Packages.poppler-qt5
- python313Packages.poppler-qt5
- python314Packages.poppler-qt5
- zathuraPkgs.zathura_pdf_poppler
- python312Packages.python-poppler
- python313Packages.python-poppler
- python314Packages.python-poppler
- @LeSuisse accepted
- @LeSuisse published on GitHub
Poppler: integer overflow in SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
Affected products
Matching in nixpkgs
pkgs.poppler
PDF rendering library
pkgs.poppler_gi
PDF rendering library
pkgs.poppler_min
PDF rendering library
pkgs.poppler-utils
PDF rendering library
Ignored packages (13)
pkgs.poppler_data
Encoding files for Poppler, a PDF rendering library
pkgs.libsForQt5.poppler
PDF rendering library
- nixos-unstable qt5-25.10.0
- nixpkgs-unstable qt5-25.10.0
- nixos-unstable-small qt5-25.10.0
pkgs.kdePackages.poppler
PDF rendering library
- nixos-unstable qt6-25.10.0
- nixpkgs-unstable qt6-25.10.0
- nixos-unstable-small qt6-25.10.0
pkgs.qt6Packages.poppler
PDF rendering library
- nixos-unstable qt6-25.10.0
- nixpkgs-unstable qt6-25.10.0
- nixos-unstable-small qt6-25.10.0
pkgs.plasma5Packages.poppler
None
pkgs.haskellPackages.gi-poppler
Poppler bindings
pkgs.python312Packages.poppler-qt5
None
pkgs.python313Packages.poppler-qt5
None
- nixos-unstable qt5-21.3.0
- nixpkgs-unstable qt5-21.3.0
- nixos-unstable-small qt5-21.3.0
pkgs.python314Packages.poppler-qt5
None
- nixos-unstable qt5-21.3.0
- nixpkgs-unstable qt5-21.3.0
- nixos-unstable-small qt5-21.3.0
pkgs.zathuraPkgs.zathura_pdf_poppler
Zathura PDF plugin (poppler)
- nixos-unstable 2026.05.10
- nixpkgs-unstable 2026.05.10
- nixos-unstable-small 2026.05.10
pkgs.python312Packages.python-poppler
None
pkgs.python313Packages.python-poppler
Python binding to poppler-cpp
pkgs.python314Packages.python-poppler
Python binding to poppler-cpp
Package maintainers
- @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>