jsPDF Denial of Service (DoS)

Severity:: High

Description

User control of the first argument of the addImage method results in CPU utilization and denial of service.

If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service.

Other affected methods are: html.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

Affected version(s): <= 3.0.1
Patched version(s): 3.0.2

References

GHSA-8mvj-3j78-4qmw
CVE-2025-57810
CWE-20
CWE-835
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

jsPDF Bypass Regular Expression Denial of Service (ReDoS) - CVE-2025-29907
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter - CVE-2022-24901
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) - CVE-2023-25653
Denial of Service (DoS) vulnerability in RSSHub - CVE-2022-31110

Tags:: npm; jspdf

Anything's wrong? Let us know Last updated on September 10, 2025