CVE-2021-40226: xpdfreader 4.03 is vulnerable to Buffer Overflow. Another famous "fixed in next release", but from over a year ago. Did this get a fix?
CVE-2023-2662 (https://forum.xpdfreader.com/viewtopic.php?t=42505): In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.