Home

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

PUBLISHED Reserved 2025-08-20 | Published 2025-08-26 | Updated 2025-08-26 | Assigner GitHub_M




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20: Improper Input Validation

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

< 3.0.2
affected

References

github.com/.../jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw

github.com/parallax/jsPDF/pull/3880

github.com/...ommit/4cf3ab619e565d9b88b4b130bff901b91d8688e9

github.com/parallax/jsPDF/releases/tag/v3.0.2

cve.org (CVE-2025-57810)

nvd.nist.gov (CVE-2025-57810)

Download JSON