60 matches found

RedhatCVE
added 2025/03/20 7:18 p.m. | 17 views

CVE-2025-29907

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...

CVSS 8.7 | AI score 6.8 | EPSS 0.00646
Exploits: 1 | References: 1

Github Security Blog
added 2025/03/18 9:7 p.m. | 27 views

jsPDF Bypass Regular Expression Denial of Service (ReDoS)

Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Othe...

CVSS 8.7 | AI score 7.1 | EPSS 0.00646
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2025/03/18 9:7 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC (js): import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

CVSS 8.7 | AI score 6.8 | EPSS 0.00646
Exploits: 1 | References: 2

OSV
added 2025/03/18 9:7 p.m. | 0 views

GHSA-W532-JXJH-HJHJ jsPDF Bypass Regular Expression Denial of Service (ReDoS)

Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Othe...

CVSS 8.7 | AI score 6.6 | EPSS 0.00646
Exploits: 1 | References: 4

NVD
added 2025/03/18 7:15 p.m. | 19 views

CVE-2025-29907

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...

CVSS 8.7 | EPSS 0.00646
Exploits: 1 | References: 2

Node.js
added 2021/05/11 4:44 p.m. | 128 views

Regular Expression Denial of Service (ReDoS)

Overview: jspdf before version 2.3.1 has a regular expression denial-of-service via the addImage function. Recommendation: Upgrade to version 2.3.1 or later. References: CVE, GitHub Advisory...

CVSS 5 | AI score 6 | EPSS 0.02644
Exploits: 0 | Affected Software: 1

OSV
added 2021/03/12 9:28 p.m. | 5 views

GHSA-57F3-GGHM-9MHC jspdf vulnerable to Regular Expression Denial of Service (ReDoS)

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...

CVSS 7.5 | AI score 5.9 | EPSS 0.02644
Exploits: 0 | References: 8

Github Security Blog
added 2021/03/12 9:28 p.m. | 67 views

jspdf vulnerable to Regular Expression Denial of Service (ReDoS)

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...

CVSS 7.5 | AI score 7.3 | EPSS 0.02644
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2021/03/10 3:3 a.m. | 20 views

Regular Expression Denial Of Service (ReDoS)

jspdf is vulnerable to regular expression denial of service. The vulnerability exists because it does not properly handle the regular expression for input image info extractedInfo in the function addImage, causing an application crash...

CVSS 7.5 | AI score 3.1 | EPSS 0.02644
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2021/03/09 7:15 p.m. | 12 views

CVE-2021-23353

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...

CVSS 7.5 | EPSS 0.02644
Exploits: 0 | References: 7

OSV
added 2021/03/09 7:15 p.m. | 9 views

CVE-2021-23353

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 7

Cvelist
added 2021/03/09 6:30 p.m. | 19 views

CVE-2021-23353 Regular Expression Denial of Service (ReDoS)

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function...

CVSS 5.9 | AI score 7.8 | EPSS 0.02644
Exploits: 0 | References: 7

CVE
added 2021/03/09 6:30 p.m. | 64 views

CVE-2021-23353

The CVE-2021-23353 entry concerns jspdf before version 2.3.1, where a Regular Expression Denial of Service (ReDoS) is possible via the addImage function. Multiple sources (NVD, Node.js advisory, GitHub advisory, OSV, Veracode, CVE list) confirm the affected component and the vulnerability class. ...

CVSS 7.5 | AI score 6.5 | EPSS 0.02644
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2008/02/06 9:0 p.m. | 23 views

Stack overflow

Stack-based buffer overflow in the YMP Datagrid ActiveX control datagrid.dll in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method...

CVSS 4.3 | AI score 8.2 | EPSS 0.09151
Exploits: 2 | References: 8 | Affected Software: 1

Packet Storm
added 2008/02/04 12:0 a.m. | 23 views

yahoomusic-overflow.txt

// HeapSpray - execute calculator calc.exe shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" + "%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" + "%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" + "%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +...

AI score 0.1
Exploits: 0

0day.today
added 2008/02/03 12:0 a.m. | 9 views

Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BOF Exploit (2)

Exploit for unknown platform in category remote exploits. Yahoo! Music Jukebox 2.2 AddImage ActiveX Remote BOF Exploit 2. // HeapSpray - execute calculator calc.exe...

AI score 7.1
Exploits: 0

exploitpack
added 2008/02/03 12:0 a.m. | 16 views

Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1)

Yahoo! Music Jukebox 2.2 - AddImage ActiveX Remote Buffer Overflow 1 function unescape$s $res=strtoupperbin2hex$s; $g = roundstrlen$res/4; if $g != strlen$res/4$res.="00"; $out = ""; for $i=0; $i function gsc var hsta = 0x0c0c0c0c; var plc = unescape"%u4343%u4343"+...

AI score 1.6
Exploits: 0

seebug.org
added 2008/02/03 12:0 a.m. | 29 views

Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BOF Exploit

No description provided by source. ?php // 0x48k-ymj by ... // based on /5043 // Bug discovered by Krystian Kloskowski h07 [email protected] function unescape$s $res=strtoupperbin2hex$s; $g = roundstrlen$res/4; if $g != strlen$res/4$res.="00"; $out = "";...

AI score 7.1
Exploits: 0

Exploit DB
added 2008/02/03 12:0 a.m. | 24 views

Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1)

function unescape$s $res=strtoupperbin2hex$s; $g = roundstrlen$res/4; if $g != strlen$res/4$res.="00"; $out = ""; for $i=0; $i function gsc var hsta = 0x0c0c0c0c; var plc = unescape"%u4343%u4343"+ "%u0feb%u335b%u66c9%u80b9%u8001%uef33"+ "%ue243%uebfa%ue805%uffec%uffff%u8b7f"+...

AI score 7.4
Exploits: 0

Exploit DB
added 2008/02/02 12:0 a.m. | 26 views

Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (PoC)

Product homepage: http://music.yahoo.com/jukebox/ Tested on: Yahoo! Music Jukebox 2.2.2.056, MS IE 6. Details: Exception C0000005 ACCESS_VIOLATION reading 41414141...

AI score 7.4
Exploits: 0