CVE-2026-25535 jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in...

CVE-2026-24133

The CVE-2026-24133 issue affects jsPDF (prior to 4.1.0) where user control of the first addImage argument allows denial of service when processing unvalidated BMP data or URLs, including via the html method. Harmful BMP headers with large width/height trigger excessive memory allocations, leading...

CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

Allocation of Resources Without Limits or Throttling

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

CVE-2025-57810 jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG...