Poppler’s Splash backend contains an integer overflow in the tilingPatternFill function. The unchecked multiplication of pattern dimensions results in an undersized heap allocation, allowing an out‑of‑bounds write. This overflow can be exploited by a remote attacker through a crafted PDF file, leading to arbitrary code execution, information disclosure or denial of service within the processing application. The flaw is classified as CWE‑190: Integer Overflow or Wraparound.

This vulnerability affects systems that use the Poppler library as part of the Poppler Splash backend. Red Hat customers running Red Hat Enterprise Linux 10, 6, 7, 8 or 9, as well as Red Hat Hardened Images, are impacted through the bundled Poppler libraries. Exact product versions are not specified beyond the distribution names, but any release that includes an affected Poppler build is vulnerable.

The CVSS v3 score of 7.8 indicates high severity. No EPSS score is provided, so the current exploitation probability is unknown, but being a remote code execution flaw accessed via user‑supplied PDF content makes it an attractive target for attackers. It is not listed in the CISA KEV catalog at this time. The typical attack path involves a malicious PDF being opened with an application that uses Poppler; from that point the overflow can be triggered, allowing the attacker to execute code with the privileges of the rendering process.