CVE-2026-4407
Out-of-bounds array write in Xpdf 4.06 due to missing validation
Title source: cnaDescription
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.
References (1)
Scores
EPSS
0.0003
EPSS Percentile
9.8%
Details
CWE
CWE-787
CWE-20
Status
published
Products (1)
Xpdf/Xpdf
< 4.06
Published
Mar 18, 2026
Tracked Since
Mar 19, 2026