What the vulnerability does
01Description
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.
CVE-2026-4407
LOW
CVE-2026-4407: Out-of-bounds array write in Xpdf 4.06 due to missing validation
CVSS base score
2.1/10
CVSS vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
March 18, 2026
CVE published
March 19, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2018-0174
CVE-2021-25509
CVE-2025-32067 i18n XSS vulnerability in message growthexperiments
CVE-2022-41942 Sourcegraph vulnerable to Comand Injection via gitserver
CVE-2024-41114 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option
