EIP-2026-103626

PRE-CVE

Pdfium - Pattern Shading Integer Overflows

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103626. PoCs published by Google Security Research.

AI-analyzed exploit summary: This is a detailed technical analysis of a heap overflow vulnerability in PDFium's shading pattern handling, specifically in the DrawRadialShading function. The writeup explains the root cause, including integer overflow in CountOutputs and lack of validation in function signatures, leading to out-of-bounds writes.

Description

Pdfium - Pattern Shading Integer Overflows

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/44082

Classification: Writeup 100%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: PDFium (Chromium's PDF engine)
No auth needed
Prerequisites: Malicious PDF file with crafted shading patterns
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026