CVE-2026-4407
Publication date 19 March 2026
Last updated 19 March 2026
Ubuntu priority
Description
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| xpdf | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| ipe | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Notes
mdeslaur
In trusty to bionic, xpdf is built with poppler as the backend library, so most xpdf issues don't apply to it. In jammy and later, the xpdf package is actually xpopple, a fork that also builds against poppler.