PT-2026-26161 · Xpdf · Xpdf
Wooseokdotkim
·
Published
2026-03-18
·
Updated
2026-03-19
·
CVE-2026-4407
CVSS v4.0
2.1
Low
| Vector | AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Xpdf versions prior to 4.07
Description
An out-of-bounds array write issue exists in Xpdf due to insufficient validation of the "N" field within ICCBased color spaces. This can lead to a crash or potentially allow for arbitrary code execution.
Recommendations
Update to version 4.07 or later.
Fix
RCE
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Xpdf