jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Severity:: High

Description

User control of the first argument of the addImage method results in Denial of Service.

If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

Affected version(s): <= 4.0.0
Patched version(s): 4.1.0

References

GHSA-95fx-jjr5-f39c
CVE-2026-24133
CWE-20
CWE-400
CWE-770
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions - CVE-2026-25535
Cube Core is vulnerable to Denial of Service (DoS) via crafted request - CVE-2026-25957
Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions - CVE-2026-34404
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer - CVE-2026-41680

CSRF, XXE, and 12 Other Security Acronyms Explained

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:: npm; jspdf

Anything's wrong? Let us know Last updated on February 03, 2026