Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-4407 | Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces. | 2.1 | 0.14% | 2026-03-18 | 2026-06-17 |
| CVE-2025-3154 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. | 2.1 | 0.08% | 2025-04-02 | 2026-06-17 |
| CVE-2025-2574 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code. | 2.1 | 0.15% | 2025-03-20 | 2026-06-17 |
| CVE-2025-11896 | In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow. | 2.1 | 0.16% | 2025-10-16 | 2026-06-17 |
| CVE-2024-7868 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | 2.1 | 0.39% | 2024-08-15 | 2026-06-17 |
| CVE-2024-7867 | In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | 2.1 | 0.21% | 2024-08-15 | 2026-06-17 |
| CVE-2024-7866 | In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. | 2.1 | 0.22% | 2024-08-15 | 2026-06-17 |
| CVE-2024-4976 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference. | 2.1 | 0.17% | 2024-05-15 | 2026-06-17 |
| CVE-2024-4568 | In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | 2.9 | 0.22% | 2024-05-06 | 2026-06-17 |
| CVE-2024-4141 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. | 2.9 | 0.18% | 2024-04-24 | 2026-06-17 |
| CVE-2024-3900 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. | 2.9 | 0.18% | 2024-04-17 | 2026-06-17 |
| CVE-2024-3248 | In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. | 2.9 | 0.29% | 2024-04-02 | 2026-06-17 |
| CVE-2024-3247 | In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. | 2.9 | 0.29% | 2024-04-02 | 2026-06-17 |
| CVE-2024-2971 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. | 2.9 | 0.18% | 2024-03-26 | 2026-06-17 |
| CVE-2023-3436 | Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | 3.3 | 0.17% | 2023-06-27 | 2026-06-17 |
| CVE-2023-3044 | An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | 3.3 | 0.35% | 2023-06-02 | 2026-06-17 |
| CVE-2023-2664 | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | 2.9 | 0.30% | 2023-05-11 | 2026-06-17 |
| CVE-2023-2663 | In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | 2.9 | 0.48% | 2023-05-11 | 2026-06-17 |
| CVE-2023-2662 | In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | 2.9 | 0.28% | 2023-05-11 | 2026-06-17 |
| CVE-2023-31554 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2663. Reason: This record is a reservation duplicate of CVE-2023-2663. Notes: All CVE users should reference CVE-2023-2663 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | N/A | 0.06% | 2023-05-10 | 2026-02-25 |