CVE-2026-4407

| EUVD-2026-12995 LOW
2026-03-18 GandC
2.1
CVSS 4.0

CVSS Vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None

Lifecycle Timeline

3
Analysis Generated
Mar 18, 2026 - 22:00 vuln.today
EUVD ID Assigned
Mar 18, 2026 - 22:00 euvd
EUVD-2026-12995
CVE Published
Mar 18, 2026 - 21:44 nvd
LOW 2.1

Tags

Buffer Overflow Denial Of Service

Description

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.

Analysis

An out-of-bounds array write vulnerability exists in Xpdf versions 4.06 and earlier, stemming from improper validation of the 'N' field in ICCBased color spaces within PDF documents. This buffer overflow vulnerability affects all versions of Xpdf up to and including 4.06, potentially allowing attackers to achieve arbitrary code execution or denial of service by crafting malicious PDF files with specially crafted color space definitions. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

During next maintenance window: Apply vendor patches when convenient. Verify input validation controls are in place.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

11
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +10
POC: 0

Share

CVE-2026-4407 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy