A vulnerability, which was classified as problematic , has been found in Xpdf 4.06 . This affects an unknown part. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-4407 . The attack must be initiated from a local position. There is no exploit available.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-351640 · CVE-2026-4407 · GCVE-0-2026-4407
XPDF 4.06 OUT-OF-BOUNDS
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
2.9 $0-$5k 1.49+
Summaryinfo
A vulnerability, which was classified as problematic, was found in Xpdf 4.06. This vulnerability affects unknown code. Executing a manipulation can lead to out-of-bounds. This vulnerability is registered as CVE-2026-4407. The attack needs to be launched locally. No exploit is available.
Detailsinfo
A vulnerability classified as problematic was found in Xpdf 4.06. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect availability. CVE summarizes:
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.
The weakness was published by wooseokdotkim. The advisory is shared for download at xpdfreader.com. This vulnerability was named CVE-2026-4407 since 03/18/2026. The exploitation appears to be difficult. The attack needs to be approached locally. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Productinfo
Type
Document Reader Software
Name
Xpdf
Version
4.06
License
open-source
CPE 2.3info
🔒
CPE 2.2info
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3info
VulDB Meta Base Score: 2.9
VulDB Meta Temp Score: 2.9
VulDB Base Score: 2.9
VulDB Temp Score: 2.9
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Out-of-bounds
CWE: CWE-125 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: no mitigation known
Status: 🔍
0-Day Time: 🔒
Timelineinfo
03/18/2026 CVE reserved
03/18/2026 +0 days VulDB entry created
03/19/2026 +0 days Advisory disclosed
03/19/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: xpdfreader.com
Researcher: wooseokdotkim
Status: Not defined
CVE: CVE-2026-4407 (🔒)
GCVE (CVE): GCVE-0-2026-4407
GCVE (VulDB): GCVE-100-351640
Entryinfo
Created: 03/19/2026 00:10
Changes: 03/19/2026 00:10 (65)
Complete: 🔍
Cache ID: 99:702:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸