CVE-2026-4407

LOW

Out-of-bounds array write in Xpdf 4.06 due to missing validation

Title source: cna
STIX 2.1

Description

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.

References (1)

Core 1

Scores

CVSS v4 2.1
EPSS 0.0014
EPSS Percentile 3.9%
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20 CWE-787
Status published
Products (1)
Xpdf/Xpdf 4.06
Published Mar 18, 2026
Tracked Since Mar 19, 2026