Vulnerability in Xpdf

CVE-2025-11896

In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.

EPSS: 0.002 (5.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References