Critical Poppler Vulnerability in Ubuntu Allows Code Execution and DoS

Severity: High (Score: 72.0)

Sources: Linuxsecurity, Ubuntu

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: ubuntu, poppler, made, crash, programs, critical, code

Severity indicators: critical

Summary

A vulnerability has been identified in Poppler, a PDF rendering library, that could allow attackers to crash systems or execute arbitrary code when a specially crafted PDF file is opened. The flaw affects multiple Ubuntu releases, including 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. It arises from Poppler's improper handling of malformed PDF tiling patterns in the Splash backend. Attackers may exploit the issue to gain access to sensitive information or cause a denial of service. Users are advised to update their systems to the latest package versions to mitigate the risk; a standard system update is sufficient to apply the necessary changes. The issue was disclosed in Ubuntu Security Notice USN-8400-1, published on June 8, 2026.

Key Points:

  • Poppler vulnerability allows code execution and denial of service via crafted PDF files.
  • Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS.
  • Users must update their systems to mitigate the risk associated with this vulnerability.

Detailed Analysis

**Impact**

The vulnerability affects multiple Ubuntu releases and their derivatives, including Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. Systems using the poppler PDF rendering library are at risk of arbitrary code execution, denial of service (DoS), or unauthorized access to sensitive information. This impacts a broad range of users across sectors relying on Ubuntu for desktop and server environments globally. The potential operational consequences include system crashes, data breaches, and disruption of services.

**Technical Details**

The issue arises from improper handling of malformed PDF tiling patterns in the Splash backend of the poppler library. Attackers can exploit this by delivering specially crafted PDF files to trigger code execution or DoS conditions. No CVE identifiers or specific malware/tools are mentioned in the sources. The attack vector is file-based exploitation during PDF processing, affecting the execution and availability stages of the kill chain. No indicators of compromise (IOCs) are provided.

**Recommended Response**

Apply the security updates provided in Ubuntu Security Notice USN-8400-1 immediately, upgrading poppler and poppler-utils to the specified patched versions for each Ubuntu release. Ensure standard system updates are performed promptly to mitigate the risk. Monitor for unusual PDF file handling or crashes in applications using poppler. No additional detection signatures or configurations are detailed in the reports.

Source articles (2)

  • USN-8400-1: poppler vulnerability — Ubuntu · 2026-06-08
    poppler could be made to crash or run programs if it opened a specially crafted file. It was discovered that poppler incorrectly handled certain malformed PDF tiling patterns in the Splash backend. An…
  • Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400 — Linuxsecurity · 2026-06-08
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: poppler could be made to crash or run programs i…

Timeline

  • 2026-06-08 — Poppler vulnerability disclosed: Ubuntu Security Notice USN-8400-1 details a critical vulnerability in Poppler affecting multiple Ubuntu releases.
  • 2026-06-08 — Patch recommended for affected systems: Users are advised to update their systems to the latest package versions to address the vulnerability.

Related entities

  • DDoS (Attack Type)
  • Zero-day Exploit (Attack Type)
  • Poppler (Platform)
  • Splash (Platform)
  • Ubuntu (Company)
  • Poppler Vulnerability (Vulnerability)