CVE-2026-25535
HIGH
GHSA-67pg-wm7f-q7fj
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Tags
Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
Analysis
Denial of service in jsPDF prior to version 4.2.0 allows remote attackers to trigger out-of-memory conditions by supplying specially crafted GIF files with oversized dimension headers to the addImage or html methods. Public exploit code exists for this vulnerability, affecting applications that process untrusted image data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all applications and dependencies using jsPDF and determine current version inventory. Within 7 days: Test and deploy jsPDF 4.2.0 or later to development and staging environments. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today