2 matches found
Security Bulletin: jsPDF addImage Method Vulnerable to DoS via Malicious Image Dimensions
Summary jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that...
Allocation of Resources Without Limits or Throttling
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods. An attacker can cause excessive memory allocation and application unavailability by supplying...