{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4407", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "state": "PUBLISHED", "assignerShortName": "GandC", "dateReserved": "2026-03-18T21:24:26.684Z", "datePublished": "2026-03-18T21:44:36.651Z", "dateUpdated": "2026-03-19T14:01:35.168Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2026-03-18T21:44:36.651Z"}, "title": "Out-of-bounds array write in Xpdf 4.06 due to missing validation", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write", "type": "CWE"}]}], "affected": [{"vendor": "Xpdf", "product": "Xpdf", "platforms": ["all"], "versions": [{"status": "affected", "version": "4.06", "versionType": "version"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the \"N\" field in ICCBased color spaces.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the \"N\" field in ICCBased color spaces.</div><div><br></div>"}]}], "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2026-4407.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 2.1, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "wooseokdotkim", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T14:01:23.763799Z", "id": "CVE-2026-4407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:01:35.168Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T14:01:23.763799Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:01:29.932Z"}}], "cna": {"title": "Out-of-bounds array write in Xpdf 4.06 due to missing validation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "wooseokdotkim"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xpdf", "product": "Xpdf", "versions": [{"status": "affected", "version": "4.06", "versionType": "version"}], "platforms": ["all"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2026-4407.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the \"N\" field in ICCBased color spaces.", "supportingMedia": [{"type": "text/html", "value": "<div>Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the \"N\" field in ICCBased color spaces.</div><div><br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper input validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write"}]}], "providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2026-03-18T21:44:36.651Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4407", "state": "PUBLISHED", "dateUpdated": "2026-03-19T14:01:35.168Z", "dateReserved": "2026-03-18T21:24:26.684Z", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "datePublished": "2026-03-18T21:44:36.651Z", "assignerShortName": "GandC"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the \"N\" field in ICCBased color spaces."}], "id": "CVE-2026-4407", "lastModified": "2026-03-19T13:25:00.570", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "xpdf@xpdfreader.com", "type": "Secondary"}]}, "published": "2026-03-18T22:16:26.437", "references": [{"source": "xpdf@xpdfreader.com", "url": "https://www.xpdfreader.com/security-bug/CVE-2026-4407.html"}], "sourceIdentifier": "xpdf@xpdfreader.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-787"}], "source": "xpdf@xpdfreader.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "4.06"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Xpdf", "source": "cna", "vendor": "Xpdf"}, "product": "xpdf", "vendor": "xpdf"}], "analysis": {"en": {"generated_at": "2026-03-18T23:23:18.674463+00:00", "value": {"mitigation_remediation": ["Verify your Xpdf installation version.", "Upgrade Xpdf to a version newer than 4.06 as recommended by the vendor.", "If an upgrade is not immediately feasible, restrict the processing of PDFs that use ICCBased color spaces or otherwise avoid handling potentially malicious PDFs.", "Monitor the Xpdf security advisory page for patches and apply any available updates as soon as they are released."], "summary": {"action": "Assess Impact", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "The affected vendor is Xpdf and the product is Xpdf Reader. All versions 4.06 and earlier are vulnerable.", "description_and_impact": "An out\u2011of\u2011bounds array write exists in Xpdf 4.06 and earlier caused by incorrect validation of the \"N\" field in ICCBased color spaces. The vulnerability can corrupt memory, leading to crashes or potentially exploitable conditions. It is categorized as CWE\u201120 (Improper Input Validation) and CWE\u2011787 (Out\u2011of\u2011Bounds Write). The CVSS score of 2.1 reflects a low overall risk and no known exploitation impact beyond application instability.", "risk_and_exploitability": "The CVSS score is 2.1, indicating low severity, and the EPSS score is not available. The vulnerability is not listed in CISA\u2019s KEV catalog. No exploit has been documented, and the attack vector is not explicitly stated; it is likely restricted to local use of the vulnerable Xpdf binary with a malicious PDF file. The risk remains limited to non\u2011remote code execution and potential denial of service in the affected application."}}}}, "created": "2026-03-19T08:55:19.271957+00:00", "updated": "2026-03-25T11:52:01.859557+00:00", "vendors": ["xpdf", "xpdf$PRODUCT$xpdf"]}